-rw-r--r--install/restart_scripts/renew_ra_cert20
-rw-r--r--ipaserver/install/cainstance.py2
2 files changed, 12 insertions, 10 deletions
diff --git a/install/restart_scripts/renew_ra_cert b/install/restart_scripts/renew_ra_cert
index 7dc2c57e7..79bc4cf58 100644
--- a/install/restart_scripts/renew_ra_cert
+++ b/install/restart_scripts/renew_ra_cert
@@ -34,15 +34,17 @@ def main():
api.bootstrap(context='restart')
api.finalize()
- # Fetch the new certificate
- db = certs.CertDB(api.env.realm)
- dercert = db.get_cert_from_db(nickname, pem=False)
- if not dercert:
- syslog.syslog(syslog.LOG_ERR, 'No certificate %s found.' % nickname)
- sys.exit(1)
-
- # Load it into dogtag
- cainstance.update_people_entry(dercert)
+ ca = cainstance.CAInstance(api.env.realm, certs.NSS_DIR)
+ if ca.is_renewal_master():
+ # Fetch the new certificate
+ db = certs.CertDB(api.env.realm)
+ dercert = db.get_cert_from_db(nickname, pem=False)
+ if not dercert:
+ syslog.syslog(syslog.LOG_ERR, 'No certificate %s found.' % nickname)
+ sys.exit(1)
+
+ # Load it into dogtag
+ cainstance.update_people_entry(dercert)
# Now restart Apache so the new certificate is available
syslog.syslog(syslog.LOG_NOTICE, "Restarting httpd")
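Review bot: The new `if ca.is_renewal_master():` branch has no `else`, so on every other replica the script goes straight to the httpd restart with nothing logged and without the `get_cert_from_db` check that used to exit with 'No certificate %s found.'. A replica that never received the renewed RA certificate would therefore restart Apache with no diagnostic in syslog. I would add `else: syslog.syslog(syslog.LOG_NOTICE, 'Not the renewal master, skipping people entry update for %s' % nickname)` and consider keeping the missing-certificate check outside the branch. `is_renewal_master()` presumably queries the directory and no error handling for it is visible here; main() starts before and continues past this hunk, so that may already be covered.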
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 7e2b53a20..69842831d 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -925,7 +925,7 @@ class CAInstance(service.Service):
pinfile='/etc/httpd/alias/pwdfile.txt',
secdir='/etc/httpd/alias',
pre_command=None,
- post_command='restart_httpd')
+ post_command='renew_ra_cert')
except (ipautil.CalledProcessError, RuntimeError), e:
root_logger.error(
"certmonger failed to start tracking certificate: %s" % str(e))
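Review bot: Only tracking requests created after this change pick up `post_command='renew_ra_cert'`; a server whose RA certificate is already tracked keeps the `restart_httpd` post-save command it was registered with, and the commit touches only two files, so no upgrade step that re-registers the request is visible. On such a renewal master the people entry would presumably not be refreshed after a renewal. A comment above the call such as `# renew_ra_cert updates the dogtag people entry on the renewal master, then restarts httpd` would also record why a plain restart is no longer enough. The enclosing method starts and ends outside the hunk.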