diff options
| author | Jan Cholasta <jcholast@redhat.com> | 2014-09-24 16:48:15 +0200 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2014-09-30 08:50:47 +0200 |
| commit | 3cde7e9cfd7908b24082e3e50cdd0955726223d0 (patch) | |
| tree | 235ef572fd448a2246b5a9ede1787f5250e6ffb9 /install/tools/ipa-server-install | |
| parent | 88083887c994ab505d6e07151e5dd26b56bb7732 (diff) | |
| download | freeipa-3cde7e9cfd7908b24082e3e50cdd0955726223d0.tar.gz freeipa-3cde7e9cfd7908b24082e3e50cdd0955726223d0.tar.xz freeipa-3cde7e9cfd7908b24082e3e50cdd0955726223d0.zip | |
Allow choosing CA-less server certificates by name
Added new --*-cert-name options to ipa-server-install and ipa-replica-prepare
and --cert-name option to ipa-server-certinstall. The options allows choosing
a particular certificate and private key from PKCS#12 files by its friendly
name.
https://fedorahosted.org/freeipa/ticket/4489
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Diffstat (limited to 'install/tools/ipa-server-install')
| -rwxr-xr-x | install/tools/ipa-server-install | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index 636ba7496..89d73304f 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -248,6 +248,15 @@ def parse_options(): help="The password to unlock the Kerberos KDC private key") cert_group.add_option("--pkinit_pin", dest="pkinit_pin", sensitive=True, help=SUPPRESS_HELP) + cert_group.add_option("--dirsrv-cert-name", dest="dirsrv_cert_name", + metavar="NAME", + help="Name of the Directory Server SSL certificate to install") + cert_group.add_option("--http-cert-name", dest="http_cert_name", + metavar="NAME", + help="Name of the Apache Server SSL certificate to install") + cert_group.add_option("--pkinit-cert-name", dest="pkinit_cert_name", + metavar="NAME", + help="Name of the Kerberos KDC SSL certificate to install") cert_group.add_option("--ca-cert-file", dest="ca_cert_files", action="append", metavar="FILE", help="File containing CA certificates for the service certificate files") @@ -943,7 +952,7 @@ def main(): http_pkcs12_file, http_pin, http_ca_cert = load_pkcs12( cert_files=options.http_cert_files, key_password=options.http_pin, - key_nickname=None, + key_nickname=options.http_cert_name, ca_cert_files=options.ca_cert_files, host_name=host_name) http_pkcs12_info = (http_pkcs12_file.name, http_pin) @@ -959,7 +968,7 @@ def main(): dirsrv_pkcs12_file, dirsrv_pin, dirsrv_ca_cert = load_pkcs12( cert_files=options.dirsrv_cert_files, key_password=options.dirsrv_pin, - key_nickname=None, + key_nickname=options.dirsrv_cert_name, ca_cert_files=options.ca_cert_files, host_name=host_name) dirsrv_pkcs12_info = (dirsrv_pkcs12_file.name, dirsrv_pin) @@ -975,7 +984,7 @@ def main(): pkinit_pkcs12_file, pkinit_pin, pkinit_ca_cert = load_pkcs12( cert_files=options.pkinit_cert_files, key_password=options.pkinit_pin, - key_nickname=None, + key_nickname=options.pkinit_cert_name, ca_cert_files=options.ca_cert_files, host_name=host_name) pkinit_pkcs12_info = (pkinit_pkcs12_file.name, pkinit_pin) |