diff options
author | Jan Cholasta <jcholast@redhat.com> | 2017-03-14 09:32:17 +0100 |
---|---|---|
committer | Martin Babinsky <mbabinsk@redhat.com> | 2017-03-22 14:58:18 +0100 |
commit | bbd18cf10f2e67e5205a3a3bee883272e89c0042 (patch) | |
tree | 664928c9f48cc86ec413d41530091a47da41f086 | |
parent | b6624594bedce75849248469305ae964ce5ea2ef (diff) | |
download | freeipa-bbd18cf10f2e67e5205a3a3bee883272e89c0042.tar.gz freeipa-bbd18cf10f2e67e5205a3a3bee883272e89c0042.tar.xz freeipa-bbd18cf10f2e67e5205a3a3bee883272e89c0042.zip |
certs: do not implicitly create DS pin.txt
Do not implicitly create DS pin.txt in `CertDB.init_from_pkcs12()`, create
it explicitly in `DSInstance.__enable_ssl()`.
This stops the file from being created in /etc/httpd/alias during classic
replica install.
https://pagure.io/freeipa/issue/4639
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
-rw-r--r-- | ipaserver/install/certs.py | 1 | ||||
-rw-r--r-- | ipaserver/install/dsinstance.py | 3 |
2 files changed, 2 insertions, 2 deletions
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py index 63e7887c4..9f340b867 100644 --- a/ipaserver/install/certs.py +++ b/ipaserver/install/certs.py @@ -635,7 +635,6 @@ class CertDB(object): self.cacert_name = ca_names[-1] self.trust_root_cert(self.cacert_name, trust_flags) - self.create_pin_file() self.export_ca_cert(nickname, False) def publish_ca_cert(self, location): diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 91cc180e6..79dc90e92 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -838,7 +838,8 @@ class DsInstance(service.Service): certmonger.modify_ca_helper('IPA', prev_helper) self.dercert = dsdb.get_cert_from_db(self.nickname, pem=False) - dsdb.create_pin_file() + + dsdb.create_pin_file() self.cacert_name = dsdb.cacert_name |