uninstall: untrack lightweight CA certs

Fixes: https://fedorahosted.org/freeipa/ticket/6020 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
author: Fraser Tweedale <ftweedal@redhat.com> 2016-07-04 13:05:28 +1000
committer: Petr Vobornik <pvoborni@redhat.com> 2016-07-12 10:50:52 +0200
commit: 88841a561922fd9a57f3c473833f2ff26c8061ec (patch)
tree: 0ebe114615d5efa1e921d16abf4e96aa68a4df39
parent: f784532d4ed6f25cf8ba12f83a7c322515434855 (diff)
download: freeipa-88841a561922fd9a57f3c473833f2ff26c8061ec.tar.gz
freeipa-88841a561922fd9a57f3c473833f2ff26c8061ec.tar.xz
freeipa-88841a561922fd9a57f3c473833f2ff26c8061ec.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 5e3e8c7f9..070498fe8 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -1127,6 +1127,12 @@ class CAInstance(DogtagInstance):
         """
         super(CAInstance, self).stop_tracking_certificates(False)
 
+        # stop tracking lightweight CA signing certs
+        for request_id in certmonger.get_requests_for_dir(self.nss_db):
+            nickname = certmonger.get_request_value(request_id, 'key-nickname')
+            if nickname.startswith('caSigningCert cert-pki-ca '):
+                certmonger.stop_tracking(self.nss_db, nickname=nickname)
+
         try:
             certmonger.stop_tracking(paths.HTTPD_ALIAS_DIR, nickname='ipaCert')
         except RuntimeError as e:
author	Fraser Tweedale <ftweedal@redhat.com>	2016-07-04 13:05:28 +1000
committer	Petr Vobornik <pvoborni@redhat.com>	2016-07-12 10:50:52 +0200
commit	88841a561922fd9a57f3c473833f2ff26c8061ec (patch)
tree	0ebe114615d5efa1e921d16abf4e96aa68a4df39
parent	f784532d4ed6f25cf8ba12f83a7c322515434855 (diff)
download	freeipa-88841a561922fd9a57f3c473833f2ff26c8061ec.tar.gz freeipa-88841a561922fd9a57f3c473833f2ff26c8061ec.tar.xz freeipa-88841a561922fd9a57f3c473833f2ff26c8061ec.zip