author | Jan Cholasta <jcholast@redhat.com> | 2015-08-27 07:37:24 +0200 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2015-08-27 15:53:42 +0200 |
commit | e9a76c3d126367f72e353919ecbff45bed3abaaf (patch) | |
tree | f3f620d2cb0a1fff657c0a31f8054462f0032eae | |
parent | 43ee695195c2024c2875663f7bc1d9c3c291865d (diff) | |
cert renewal: Automatically update KRA agent PEM file
https://fedorahosted.org/freeipa/ticket/5253
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
-rw-r--r-- | install/restart_scripts/renew_ra_cert | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/install/restart_scripts/renew_ra_cert b/install/restart_scripts/renew_ra_cert
index 24b8ba477..4337e7a44 100644
--- a/install/restart_scripts/renew_ra_cert
+++ b/install/restart_scripts/renew_ra_cert
@@ -29,7 +29,7 @@ import traceback
 from ipapython import ipautil
 from ipalib import api
-from ipaserver.install import certs, cainstance
+from ipaserver.install import certs, cainstance, krainstance
 from ipaplatform import services
 from ipaplatform.paths import paths
@@ -60,6 +60,16 @@ def _main():
 # Load it into dogtag
 cainstance.update_people_entry(dercert)
+
+ kra = krainstance.KRAInstance(api.env.realm)
+ if kra.is_installed():
+ # export ipaCert with private key for client authentication
+ args = ["/usr/bin/pki",
+ "-d", paths.HTTPD_ALIAS_DIR,
+ "-C", paths.ALIAS_PWDFILE_TXT,
+ "client-cert-show", "ipaCert",
+ "--client-cert", paths.KRA_AGENT_PEM]
+ ipautil.run(args)
 finally:
 shutil.rmtree(tmpdir) |
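Review bot: The file written to `paths.KRA_AGENT_PEM` in the second hunk holds the ipaCert private key (the added comment says so), yet nothing after `ipautil.run(args)` sets its owner or mode, so it ends up with whatever the umask of the renewal helper's process yields, and if `pki` recreates the file on each renewal any permissions applied at install time could be lost. I would pin them right after the export, e.g. `os.chmod(paths.KRA_AGENT_PEM, 0o440)` plus the matching `os.chown(...)` for the web-server account, using the same values the KRA installer applies; those are not visible in this diff, so confirm them there, and `os` needs importing if the script does not already do so. A one-line comment such as `# private key material: keep owner/mode identical to the installer's` would explain the added lines. `_main()` starts before and continues after this hunk, so how a failing `pki` call is surfaced to certmonger cannot be judged from here.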