-rw-r--r--ipaserver/install/cainstance.py3
-rw-r--r--ipaserver/install/dogtaginstance.py6
-rw-r--r--ipaserver/install/krainstance.py2
3 files changed, 11 insertions, 0 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index b72255f1a..d94520166 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -480,6 +480,9 @@ class CAInstance(DogtagInstance):
config.set("CA", "pki_ds_base_dn", self.basedn)
config.set("CA", "pki_ds_database", "ipaca")
+ if not self.create_ra_agent_db and not self.clone:
+ self._use_ldaps_during_spawn(config)
+
# Certificate subject DN's
config.set("CA", "pki_subsystem_subject_dn",
str(DN(('cn', 'CA Subsystem'), self.subject_base)))
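Review bot: The guard `if not self.create_ra_agent_db and not self.clone:` on the added call has no explanation, so a reader cannot tell why a clone, or an install with `create_ra_agent_db` set, should keep the directory connection settings made before this hunk rather than the LDAPS ones. The KRA hunk in krainstance.py calls `self._use_ldaps_during_spawn(config)` unconditionally, which makes the difference look accidental unless it is documented. I would add a comment above the condition that states the reason, along the lines of `# LDAPS only on <case>; clones and create_ra_agent_db installs are skipped because <reason>`, or drop the guard if it is not required. The enclosing method starts and ends outside the hunk.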
diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py
index 5c2b28202..f5e5649f9 100644
--- a/ipaserver/install/dogtaginstance.py
+++ b/ipaserver/install/dogtaginstance.py
@@ -500,3 +500,9 @@ class DogtagInstance(service.Service):
for group in self.admin_groups:
self.__remove_admin_from_group(group)
self.admin_conn.delete_entry(self.admin_dn)
+
+ def _use_ldaps_during_spawn(self, config, ds_cacert=paths.IPA_CA_CRT):
+ config.set(self.subsystem, "pki_ds_ldaps_port", "636")
+ config.set(self.subsystem, "pki_ds_secure_connection", "True")
+ config.set(self.subsystem, "pki_ds_secure_connection_ca_pem_file",
+ ds_cacert)
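Review bot: `_use_ldaps_during_spawn` has no docstring and hard-codes the port as the literal `"636"`, so a directory server configured with a different LDAPS port would presumably get a spawn configuration that cannot connect. A short docstring should say that the method sets `pki_ds_ldaps_port`, `pki_ds_secure_connection` and `pki_ds_secure_connection_ca_pem_file` on `self.subsystem`, and that the server certificate is checked against `ds_cacert`, which neither caller in this commit overrides from `paths.IPA_CA_CRT`. It would also help to confirm that `ds_cacert` is the issuer of the directory server certificate in every install flow that reaches this call, since a mismatch would only surface as a TLS failure during the spawn.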
diff --git a/ipaserver/install/krainstance.py b/ipaserver/install/krainstance.py
index 6589bb54e..a354d3748 100644
--- a/ipaserver/install/krainstance.py
+++ b/ipaserver/install/krainstance.py
@@ -182,6 +182,8 @@ class KRAInstance(DogtagInstance):
config.set("KRA", "pki_ds_database", "ipaca")
config.set("KRA", "pki_ds_create_new_db", "False")
+ self._use_ldaps_during_spawn(config)
+
# Certificate subject DNs
config.set("KRA", "pki_subsystem_subject_dn",
str(DN(('cn', 'CA Subsystem'), self.subject_base)))