diff options
-rw-r--r-- | ipaserver/install/cainstance.py | 6 | ||||
-rw-r--r-- | ipaserver/install/server/install.py | 9 |
2 files changed, 9 insertions, 6 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index 6cb6e3c94..8f544ec1e 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -423,6 +423,8 @@ class CAInstance(DogtagInstance): self.step("setting audit signing renewal to 2 years", self.set_audit_renewal) self.step("restarting certificate server", self.restart_instance) if not self.clone: + self.step("publishing the CA certificate", + self.__publish_ca_cert) self.step("adding RA agent as a trusted user", self.__create_ca_agent) self.step("authorizing RA to modify profiles", configure_profiles_acl) self.step("authorizing RA to manage lightweight CAs", @@ -744,6 +746,10 @@ class CAInstance(DogtagInstance): conn.disconnect() + def __publish_ca_cert(self): + db = certs.CertDB(self.realm) + db.publish_ca_cert(paths.IPA_CA_CRT) + def __get_ca_chain(self): try: return dogtag.get_ca_certchain(ca_host=self.fqdn) diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py index dd04624fc..813329372 100644 --- a/ipaserver/install/server/install.py +++ b/ipaserver/install/server/install.py @@ -775,14 +775,11 @@ def install(installer): write_cache(cache_vars) # Create RA DB - radb = certs.CertDB(realm_name, nssdir=paths.IPA_RADB_DIR, - user=IPAAPI_USER, group=IPAAPI_GROUP, - truncate=True) + certs.CertDB(realm_name, nssdir=paths.IPA_RADB_DIR, + user=IPAAPI_USER, group=IPAAPI_GROUP, + truncate=True) ca.install_step_0(False, None, options) - - # Now put the CA cert where other instances expect it - radb.publish_ca_cert(paths.IPA_CA_CRT) else: # Put the CA cert where other instances expect it x509.write_certificate(http_ca_cert, paths.IPA_CA_CRT) |