Ask for PKCS#12 password interactively in ipa-server-certinstall.

https://fedorahosted.org/freeipa/ticket/3641

1 files changed, 7 insertions, 3 deletions

diff --git a/ipaserver/install/ipa_server_certinstall.py b/ipaserver/install/ipa_server_certinstall.py
index a87f393e1..bda054bfb 100644
--- a/ipaserver/install/ipa_server_certinstall.py
+++ b/ipaserver/install/ipa_server_certinstall.py
@@ -69,9 +69,6 @@ class ServerCertInstall(admintool.AdminTool):
 
         if not self.options.dirsrv and not self.options.http:
             self.option_parser.error("you must specify dirsrv and/or http")
-        if not self.options.pin:
-            self.option_parser.error("you must provide the password for the "
-                                     "PKCS#12 file")
 
         if len(self.args) != 1:
             self.option_parser.error("you must provide a pkcs12 filename")
@@ -86,6 +83,13 @@ class ServerCertInstall(admintool.AdminTool):
                 raise admintool.ScriptError(
                     "Directory Manager password required")
 
+        if not self.options.pin:
+            self.options.pin = installutils.read_password(
+                "Enter %s unlock" % self.args[0], confirm=False, validate=False)
+            if self.options.pin is None:
+                raise admintool.ScriptError(
+                    "%s unlock password required" % self.args[0])
+
     def run(self):
         api.bootstrap(in_server=True)
         api.finalize()