-rw-r--r--ipaserver/install/ca.py4
-rw-r--r--ipaserver/install/installutils.py7
-rw-r--r--ipaserver/install/ipa_cacert_manage.py7
3 files changed, 12 insertions, 6 deletions
diff --git a/ipaserver/install/ca.py b/ipaserver/install/ca.py
index 820c6eebc..56f6692c8 100644
--- a/ipaserver/install/ca.py
+++ b/ipaserver/install/ca.py
@@ -109,7 +109,9 @@ def install_check(standalone, replica_config, options):
"--external-ca.")
external_cert_file, external_ca_file = installutils.load_external_cert(
- options.external_cert_files, options.subject)
+ options.external_cert_files,
+ DN(('CN', 'Certificate Authority'), options.subject)
+ )
elif options.external_ca:
if cainstance.is_step_one_done():
raise ScriptError(
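Review bot: The CA subject `DN(('CN', 'Certificate Authority'), ...)` is now assembled at this call in install_check and again at the call in ipaserver/install/ipa_cacert_manage.py, so the two copies of the RDN can drift apart. load_external_cert appears to use this DN to pick the IPA CA certificate out of the supplied files, so a mismatch between callers would only show up as a failed lookup at install or renewal time. A single shared helper or constant for the CA RDN would keep both callers aligned. install_check's body continues outside the hunk.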
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index e7fd69fcd..21cf4c107 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -1095,7 +1095,8 @@ def check_entropy():
except ValueError as e:
root_logger.debug("Invalid value in %s %s", paths.ENTROPY_AVAIL, e)
-def load_external_cert(files, subject_base):
+
+def load_external_cert(files, ca_subject):
"""
Load and verify external CA certificate chain from multiple files.
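Review bot: The second parameter of load_external_cert keeps its position but changes meaning, from a subject base to the full CA subject DN. A caller not updated in this commit would still run and would match against the wrong DN without any error at the call site. The rename also breaks any caller that passed `subject_base=` by keyword. The two callers shown in this commit are updated, but it is worth checking for others, in-tree and in plugins, before merging. The function body continues outside the hunk.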
@@ -1103,7 +1104,7 @@ def load_external_cert(files, subject_base):
chain formats.
:param files: Names of files to import
- :param subject_base: Subject name base for IPA certificates
+ :param ca_subject: IPA CA subject DN
:returns: Temporary file with the IPA CA certificate and temporary file
with the external CA certificate chain
"""
@@ -1117,7 +1118,7 @@ def load_external_cert(files, subject_base):
except RuntimeError as e:
raise ScriptError(str(e))
- ca_subject = DN(('CN', 'Certificate Authority'), subject_base)
+ ca_subject = DN(ca_subject)
ca_nickname = None
cache = {}
for nickname, _trust_flags in nssdb.list_certs():
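Review bot: `ca_subject = DN(ca_subject)` rebinds the parameter and accepts whatever DN() can parse, which the docstring does not say. A comment such as `# accept a DN or its string form; normalise once before matching` would make the intent clear. The docstring line could read `:param ca_subject: IPA CA subject DN (DN object or string)`. If DN() raises on malformed input, that error is not wrapped the way the RuntimeError just above is turned into a ScriptError, so it is worth deciding whether it should be. The function body continues outside the hunk.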
diff --git a/ipaserver/install/ipa_cacert_manage.py b/ipaserver/install/ipa_cacert_manage.py
index 5a278f434..4082dfa4e 100644
--- a/ipaserver/install/ipa_cacert_manage.py
+++ b/ipaserver/install/ipa_cacert_manage.py
@@ -192,8 +192,6 @@ class CACertManage(admintool.AdminTool):
options = self.options
conn = api.Backend.ldap2
- cert_file, ca_file = installutils.load_external_cert(
- options.external_cert_files, x509.subject_base())
old_cert_obj = x509.load_certificate(old_cert_der, x509.DER)
old_der_subject = x509.get_der_subject(old_cert_der, x509.DER)
@@ -202,6 +200,11 @@ class CACertManage(admintool.AdminTool):
serialization.PublicFormat.SubjectPublicKeyInfo
)
+ cert_file, ca_file = installutils.load_external_cert(
+ options.external_cert_files,
+ DN(('CN', 'Certificate Authority'), x509.subject_base())
+ )
+
with open(cert_file.name) as f:
new_cert_data = f.read()
new_cert_der = x509.normalize_certificate(new_cert_data)
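Review bot: The expected subject for the renewed CA certificate is rebuilt here from a hard-coded `CN=Certificate Authority` plus `x509.subject_base()`, even though the certificate being replaced is already loaded as `old_cert_obj` a few lines earlier. Deriving the expected subject from the existing certificate would keep renewal tied to what is actually deployed, including a CA whose subject is not the default. It would also avoid another copy of the literal. Whether later code compares the new certificate's subject with `old_der_subject` is not visible in this hunk. The method continues outside the hunk.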