diff options
author | Jan Cholasta <jcholast@redhat.com> | 2014-06-12 11:29:57 +0200 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-07-30 16:04:21 +0200 |
commit | 9e223e6fd4f16213355c64cd2524500c689210ff (patch) | |
tree | 941707dc24d1946151e3d8068596b6c5e70bfab3 /install/restart_scripts | |
parent | 6f01499419e31383d8d97b806b15639aab7f0197 (diff) | |
download | freeipa-9e223e6fd4f16213355c64cd2524500c689210ff.tar.gz freeipa-9e223e6fd4f16213355c64cd2524500c689210ff.tar.xz freeipa-9e223e6fd4f16213355c64cd2524500c689210ff.zip |
Upload renewed CA cert to certificate store on renewal.
Part of https://fedorahosted.org/freeipa/ticket/3259
Part of https://fedorahosted.org/freeipa/ticket/3520
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Diffstat (limited to 'install/restart_scripts')
-rw-r--r-- | install/restart_scripts/renew_ca_cert | 9 |
1 files changed, 2 insertions, 7 deletions
diff --git a/install/restart_scripts/renew_ca_cert b/install/restart_scripts/renew_ca_cert index b66cfa292..69d79338d 100644 --- a/install/restart_scripts/renew_ca_cert +++ b/install/restart_scripts/renew_ca_cert @@ -29,7 +29,7 @@ import traceback from ipapython import dogtag, certmonger, ipautil from ipapython.dn import DN -from ipalib import api, errors, x509, util +from ipalib import api, errors, x509, certstore from ipaserver.install import certs, cainstance, installutils from ipaserver.plugins.ldap2 import ldap2 from ipaplatform import services @@ -103,13 +103,8 @@ def main(): conn = ldap2(shared_instance=False, ldap_uri=api.env.ldap_uri) conn.connect(ccache=ccache) - dn = DN(('cn', 'CAcert'), ('cn', 'ipa'), ('cn', 'etc'), - api.env.basedn) try: - entry = conn.get_entry( - dn, attrs_list=['cACertificate;binary']) - entry['cACertificate;binary'] = [cert] - conn.update_entry(entry) + certstore.update_ca_cert(conn, api.env.basedn, cert) except errors.EmptyModlist: pass |