summaryrefslogtreecommitdiffstats
path: root/install/tools
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2012-10-09 10:40:20 -0400
committerRob Crittenden <rcritten@redhat.com>2012-10-09 19:24:43 -0400
commit392097f20673708a684da168aec302da7ccda9a6 (patch)
tree94406708a2008a6f0367ff0038372a2c1bda23de /install/tools
parent1dd103bc8c445a1fe4f5ab59a1e6a343a8984305 (diff)
Configure the initial CA as the CRL generator.
Any installed clones will have CRL generation explicitly disabled. It is a manual process to make a different CA the CRL generator. There should be only one. https://fedorahosted.org/freeipa/ticket/3051
Diffstat (limited to 'install/tools')
-rw-r--r--install/tools/ipa-upgradeconfig9
1 files changed, 8 insertions, 1 deletions
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig
index 3ba6b5c06..384261498 100644
--- a/install/tools/ipa-upgradeconfig
+++ b/install/tools/ipa-upgradeconfig
@@ -603,13 +603,20 @@ def main():
AUTOREDIR='' if auto_redirect else '#',
CRL_PUBLISH_PATH=configured_constants.CRL_PUBLISH_PATH,
DOGTAG_PORT=configured_constants.AJP_PORT,
+ CLONE='#'
)
+ ca = cainstance.CAInstance(api.env.realm, certs.NSS_DIR)
# migrate CRL publish dir before the location in ipa.conf is updated
- ca = cainstance.CAInstance(api.env.realm, certs.NSS_DIR)
ca_restart = migrate_crl_publish_dir(ca)
+ if ca.is_configured():
+ crl = installutils.get_directive(configured_constants.CS_CFG_PATH,
+ 'ca.crl.MasterCRL.enableCRLUpdates',
+ '=')
+ sub_dict['CLONE']='#' if crl.lower() == 'true' else ''
+
upgrade(sub_dict, "/etc/httpd/conf.d/ipa.conf", ipautil.SHARE_DIR + "ipa.conf")
upgrade(sub_dict, "/etc/httpd/conf.d/ipa-rewrite.conf", ipautil.SHARE_DIR + "ipa-rewrite.conf")
upgrade(sub_dict, "/etc/httpd/conf.d/ipa-pki-proxy.conf", ipautil.SHARE_DIR + "ipa-pki-proxy.conf", add=True)
generated by cgit (git 2.34.1) at 2026-03-21 22:09:42 +0000