diff options
author | Jan Cholasta <jcholast@redhat.com> | 2013-10-16 08:40:31 +0000 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-03-25 16:54:55 +0100 |
commit | 6a19738a4560ffbfe5a70699d787c4a44a9518c5 (patch) | |
tree | 0dedb215bd13f7f17a63a6166f18e31a60334e0c /install/tools | |
parent | a356c3806b4e98207fa7d729ad921aded0a34c62 (diff) | |
download | freeipa-6a19738a4560ffbfe5a70699d787c4a44a9518c5.tar.gz freeipa-6a19738a4560ffbfe5a70699d787c4a44a9518c5.tar.xz freeipa-6a19738a4560ffbfe5a70699d787c4a44a9518c5.zip |
Use dogtag-ipa-ca-renew-agent to track certificates on master CA.
Before, dogtag-ipa-renew-agent was used to track the certificates and the
certificates were stored to LDAP in renew_ca_cert and renew_ra_cert. Since
dogtag-ipa-ca-renew-agent can store the certificates itself, the storage code
was removed from renew_ca_cert and renew_ra_cert.
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Diffstat (limited to 'install/tools')
-rw-r--r-- | install/tools/ipa-upgradeconfig | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig index de5029971..cc0172f5f 100644 --- a/install/tools/ipa-upgradeconfig +++ b/install/tools/ipa-upgradeconfig @@ -607,10 +607,10 @@ def enable_certificate_renewal(ca): return False if not sysupgrade.get_upgrade_state('dogtag', 'renewal_configured'): + ca.configure_certmonger_renewal() if ca.is_master(): ca.configure_renewal() else: - ca.configure_certmonger_renewal() ca.configure_clone_renewal() ca.configure_agent_renewal() ca.track_servercert() @@ -656,10 +656,10 @@ def certificate_renewal_stop_ca(ca): # Ok, now we need to stop tracking, then we can start tracking them # again with new configuration: cainstance.stop_tracking_certificates(dogtag.configured_constants()) + ca.configure_certmonger_renewal() if ca.is_master(): ca.configure_renewal() else: - ca.configure_certmonger_renewal() ca.configure_clone_renewal() ca.configure_agent_renewal() ca.track_servercert() |