summaryrefslogtreecommitdiffstats
path: root/ipaserver/install/httpinstance.py
diff options
context:
space:
mode:
Diffstat (limited to 'ipaserver/install/httpinstance.py')
-rw-r--r--ipaserver/install/httpinstance.py14
1 files changed, 14 insertions, 0 deletions
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index b53333a84..ca3bcc87e 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -351,11 +351,25 @@ class HTTPInstance(service.Service):
os.chown(pwd_conf, pent.pw_uid, pent.pw_gid)
os.chmod(pwd_conf, 0o400)
+ def disable_system_trust(self):
+ name = 'Root Certs'
+ args = [paths.MODUTIL, '-dbdir', paths.HTTPD_ALIAS_DIR, '-force']
+
+ result = ipautil.run(args + ['-list', name],
+ env={},
+ capture_output=True)
+ if 'Status: Enabled' in result.output:
+ ipautil.run(args + ['-disable', name], env={})
+ return True
+
+ return False
+
def __setup_ssl(self):
db = certs.CertDB(self.realm, nssdir=paths.HTTPD_ALIAS_DIR,
subject_base=self.subject_base, user="root",
group=constants.HTTPD_GROUP,
truncate=(not self.promote))
+ self.disable_system_trust()
if self.pkcs12_info:
if self.ca_is_configured:
trust_flags = 'CT,C,C'
generated by cgit (git 2.34.1) at 2026-01-07 18:00:14 +0000