summaryrefslogtreecommitdiffstats
path: root/ipaserver/install/ipa_server_certinstall.py
Commit message (Collapse)AuthorAgeFilesLines
* Fix ipa-server-certinstall with certs signed by 3rd-party CAFlorence Blanc-Renaud2016-06-301-3/+17
| | | | | | | | | | | | | | | | | | | | | | | Multiple issues fixed: - when untracking a certificate, the path to the NSS directory must be exactly identical (no trailing /), otherwise the request is not found and the old certificate is still tracked. - when a cert is issued by a 3rd party CA, no need to track it - the server_cert should not be found using cdb.find_server_certs()[0][0] because this function can return multiple server certificates. For instance, /etc/httpd/alias contains ipaCert, Server-Cert and Signing-Cert with the trust flags u,u,u. This leads to trying to track ipaCert (which is already tracked). The workaround is looking for server certs before and after the import, and extract server-cert as the certificate in the second list but not in the first list. https://fedorahosted.org/freeipa/ticket/4785 https://fedorahosted.org/freeipa/ticket/4786 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
* Remove unused importsMartin Basti2015-12-231-3/+1
| | | | | | | This patch removes unused imports, alse pylint has been configured to check unused imports. Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipaplatform: Add HTTPD_USER to constants, and use it.Timo Aaltonen2015-11-041-1/+2
| | | | | | https://fedorahosted.org/freeipa/ticket/5343 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Modernize 'except' clausesPetr Viktorin2015-08-121-1/+1
| | | | | | | The 'as' syntax works from Python 2 on, and Python 3 will drop the "comma" syntax. Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Modernize number literalsPetr Viktorin2015-07-311-3/+3
| | | | | | | | | | | | | | Use Python-3 compatible syntax, without breaking compatibility with py 2.7 - Octals literals start with 0o to prevent confusion - The "L" at the end of large int literals is not required as they use long on Python 2 automatically. - Using 'int' instead of 'long' for small numbers is OK in all cases except strict type checking checking, e.g. type(0). https://fedorahosted.org/freeipa/ticket/4985 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipalib: Load ipaserver plugins when api.env.in_server is TrueJan Cholasta2015-07-011-1/+1
| | | | | | | https://fedorahosted.org/freeipa/ticket/3090 https://fedorahosted.org/freeipa/ticket/5073 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* move realm_to_serverid to installutils moduleMartin Basti2015-05-051-1/+1
| | | | | | | | | To avoid cyclic imports realm_to_serverid function had to be moved to installutils from dsinstance. Required for: https://fedorahosted.org/freeipa/ticket/4925 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Check LDAP instead of local configuration to see if IPA CA is enabledJan Cholasta2014-10-171-9/+11
| | | | | | | | The check is done using a new hidden command ca_is_enabled. https://fedorahosted.org/freeipa/ticket/4621 Reviewed-By: David Kupka <dkupka@redhat.com>
* Allow choosing CA-less server certificates by nameJan Cholasta2014-09-301-1/+5
| | | | | | | | | | | Added new --*-cert-name options to ipa-server-install and ipa-replica-prepare and --cert-name option to ipa-server-certinstall. The options allows choosing a particular certificate and private key from PKCS#12 files by its friendly name. https://fedorahosted.org/freeipa/ticket/4489 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* CA-less installer options usability fixesJan Cholasta2014-09-301-13/+13
| | | | | | | | | | | | | | | | | | | The --*_pkcs12 options of ipa-server-install and ipa-replica-prepare have been replaced by --*-cert-file options which accept multiple files. ipa-server-certinstall now accepts multiple files as well. The files are accepted in PEM and DER certificate, PKCS#7 certificate chain, PKCS#8 and raw private key and PKCS#12 formats. The --root-ca-file option of ipa-server-install has been replaced by --ca-cert-file option which accepts multiple files. The files are accepted in PEM and DER certificate and PKCS#7 certificate chain formats. The --*_pin options of ipa-server-install and ipa-replica-prepare have been renamed to --*-pin. https://fedorahosted.org/freeipa/ticket/4489 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Make CA-less ipa-server-install option --root-ca-file optional.Jan Cholasta2014-09-051-1/+2
| | | | | | | | | | | | | The CA cert specified by --root-ca-file option must always be the CA cert of the CA which issued the server certificates in the PKCS#12 files. As the cert is not actually user selectable, use CA cert from the PKCS#12 files by default if it is present. Document --root-ca-file in ipa-server-install man page. https://fedorahosted.org/freeipa/ticket/4457 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipaplatform: Move all filesystem paths to ipaplatform.paths moduleTomas Babej2014-06-161-2/+3
| | | | | | https://fedorahosted.org/freeipa/ticket/4052 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Move CACERT definition to a single place.Jan Cholasta2014-03-251-2/+1
| | | | Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Use /usr/bin/python2Xiao-Long Chen2014-01-031-1/+0
| | | | | | | | | | | | Part of the effort to port FreeIPA to Arch Linux, where Python 3 is the default. FreeIPA hasn't been ported to Python 3, so the code must be modified to run /usr/bin/python2 https://fedorahosted.org/freeipa/ticket/3438 Updated by pviktori@redhat.com
* Turn LDAPEntry.single_value into a dictionary-like property.Jan Cholasta2013-11-051-1/+1
| | | | | | This change makes single_value consistent with the raw property. https://fedorahosted.org/freeipa/ticket/3521
* Allow PKCS#12 files with empty password in install tools.Jan Cholasta2013-10-041-1/+1
| | | | https://fedorahosted.org/freeipa/ticket/3897
* Read passwords from stdin when importing PKCS#12 files with pk12util.Jan Cholasta2013-10-041-3/+2
| | | | | | | This works around pk12util refusing to use empty password files, which prevents the use of PKCS#12 files with empty password. https://fedorahosted.org/freeipa/ticket/3897
* Fix ipa-server-certinstall usage string.Jan Cholasta2013-08-281-1/+1
| | | | https://fedorahosted.org/freeipa/ticket/3869
* Add --dirman-password option to ipa-server-certinstall.Jan Cholasta2013-08-281-4/+8
| | | | https://fedorahosted.org/freeipa/ticket/3869
* Ask for PKCS#12 password interactively in ipa-server-certinstall.Jan Cholasta2013-08-201-3/+7
| | | | https://fedorahosted.org/freeipa/ticket/3641
* Add --pin option to ipa-server-certinstall.Jan Cholasta2013-08-201-10/+10
| | | | | | Hide the unnecessary --dirsrv_pin and --http_pin options. https://fedorahosted.org/freeipa/ticket/3869
* Untrack old and track new cert with certmonger in ipa-server-certinstall.Jan Cholasta2013-08-201-3/+12
| | | | https://fedorahosted.org/freeipa/ticket/3641
* Replace only the cert instead of the whole NSS DB in ipa-server-certinstall.Jan Cholasta2013-08-201-13/+17
| | | | https://fedorahosted.org/freeipa/ticket/3641
* Ignore empty mod error when updating DS SSL config in ipa-server-certinstall.Jan Cholasta2013-08-201-2/+5
| | | | https://fedorahosted.org/freeipa/ticket/3641
* Port ipa-server-certinstall to the admintool framework.Jan Cholasta2013-08-201-0/+154
Change the log file path from /var/log/ipa/default.log to admintool's default path. https://fedorahosted.org/freeipa/ticket/3641
generated by cgit (git 2.34.1) at 2024-06-24 18:27:12 +0000