diff options
author | Petr Viktorin <pviktori@redhat.com> | 2013-03-26 15:31:07 +0100 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2013-04-02 15:28:50 +0200 |
commit | 1bc892c02daf5e6295ac2e59f17499f6f168b899 (patch) | |
tree | db06dde803df94c98995194d6f77d8aec68031d0 /install | |
parent | 03a2c66eda695ad2d4bfe675fa2902035e6b37f0 (diff) | |
download | freeipa-1bc892c02daf5e6295ac2e59f17499f6f168b899.tar.gz freeipa-1bc892c02daf5e6295ac2e59f17499f6f168b899.tar.xz freeipa-1bc892c02daf5e6295ac2e59f17499f6f168b899.zip |
Load the CA cert into server NSS databases
The CA cert was not loaded, so if it was missing from the PKCS#12 file,
installation would fail.
Pass the cert filename to the server installers and include it in
the NSS DB.
Part of the work for: https://fedorahosted.org/freeipa/ticket/3363
Diffstat (limited to 'install')
-rwxr-xr-x | install/tools/ipa-replica-install | 7 | ||||
-rwxr-xr-x | install/tools/ipa-server-install | 5 |
2 files changed, 8 insertions, 4 deletions
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index a0f20e44b..af80c1e3e 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -164,7 +164,7 @@ def install_replica_ds(config): ds.create_replica(config.realm_name, config.master_host_name, config.host_name, config.domain_name, config.dirman_password, - pkcs12_info) + pkcs12_info, ca_file = config.dir + "/ca.crt") return ds @@ -209,7 +209,10 @@ def install_http(config, auto_redirect): memcache.create_instance('MEMCACHE', config.host_name, config.dirman_password, ipautil.realm_to_suffix(config.realm_name)) http = httpinstance.HTTPInstance() - http.create_instance(config.realm_name, config.host_name, config.domain_name, config.dirman_password, False, pkcs12_info, self_signed_ca=True, auto_redirect=auto_redirect) + http.create_instance( + config.realm_name, config.host_name, config.domain_name, + config.dirman_password, False, pkcs12_info, + auto_redirect=auto_redirect, ca_file = config.dir + "/ca.crt") # Now copy the autoconfiguration files if ipautil.file_exists(config.dir + "/preferences.html"): diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index 5aa5cd73f..da3caa08d 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -991,7 +991,8 @@ def main(): dm_password, dirsrv_pkcs12_info, idstart=options.idstart, idmax=options.idmax, subject_base=options.subject, - hbac_allow=not options.hbac_allow) + hbac_allow=not options.hbac_allow, + ca_file=ca_file) else: ds = dsinstance.DsInstance(fstore=fstore) ds.create_instance(realm_name, host_name, domain_name, @@ -1122,7 +1123,7 @@ def main(): http.create_instance( realm_name, host_name, domain_name, dm_password, autoconfig=False, pkcs12_info=http_pkcs12_info, subject_base=options.subject, - auto_redirect=options.ui_redirect) + auto_redirect=options.ui_redirect, ca_file=ca_file) else: http.create_instance( realm_name, host_name, domain_name, dm_password, autoconfig=True, |