diff options
| author | Simo Sorce <simo@redhat.com> | 2016-12-13 10:32:32 -0500 |
|---|---|---|
| committer | Jan Cholasta <jcholast@redhat.com> | 2017-02-15 07:13:37 +0100 |
| commit | d124e307f3b7d88bca53784f030ed6043b224432 (patch) | |
| tree | 775fca61a10a7b2b2d0af42cf5ae9290fa6103ec /ipaclient | |
| parent | d2f5fc304f1938d23171ae330fa20b213ceed54e (diff) | |
| download | freeipa-d124e307f3b7d88bca53784f030ed6043b224432.tar.gz freeipa-d124e307f3b7d88bca53784f030ed6043b224432.tar.xz freeipa-d124e307f3b7d88bca53784f030ed6043b224432.zip | |
Separate RA cert store from the HTTP cert store
This is in preparation for separating out the user under which the
ipa api framework runs as.
This commit also removes certs.NSS_DIR to avoid confusion and replaces
it where appropriate with the correct NSS DB directory, either the old
HTTPD_ALIAS_DIR ot the RA DB IPA_RADB_DIR. In some cases its use is
removed altogether as it was simply not necessary.
https://fedorahosted.org/freeipa/ticket/5959
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipaclient')
| -rw-r--r-- | ipaclient/install/ipa_certupdate.py | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/ipaclient/install/ipa_certupdate.py b/ipaclient/install/ipa_certupdate.py index 75c5d97df..ec22594f8 100644 --- a/ipaclient/install/ipa_certupdate.py +++ b/ipaclient/install/ipa_certupdate.py @@ -139,6 +139,7 @@ class CertUpdate(admintool.AdminTool): services.knownservices.dirsrv.restart(instance) self.update_db(paths.HTTPD_ALIAS_DIR, certs) + self.update_db(paths.IPA_RADB_DIR, certs) if services.knownservices.httpd.is_running(): services.knownservices.httpd.restart() |