From 861d1bbdca4793fb45fb233d236d3793cc23da36 Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Mon, 14 Mar 2011 16:27:19 -0400
Subject: Fix SELinux errors caused by enabling TLS on dogtag 389-ds instance. This fixes 2 AVCS: * One because we are enabling port 7390 because an SSL port must be defined to use TLS On 7389. * We were symlinking to the main IPA 389-ds NSS certificate databsae. Instead generate a separate NSS database and certificate and have certmonger track it separately I also noticed some variable inconsistency in cainstance.py. Everywhere else we use self.fqdn and that was using self.host_name. I found it confusing so I fixed it. ticket 1085
---
 install/tools/ipa-replica-prepare | 8 ++++++++
 1 file changed, 8 insertions(+)
(limited to 'install/tools/ipa-replica-prepare')
diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare
index 36e34d78b..e9122351f 100755
--- a/install/tools/ipa-replica-prepare
+++ b/install/tools/ipa-replica-prepare
@@ -338,6 +338,14 @@ def main():
 print "%s" % e
 sys.exit(1)
+ if not certs.ipa_self_signed():
+ print "Creating SSL certificate for the dogtag Directory Server"
+ try:
+ export_certdb(api.env.realm, ds_dir, dir, passwd_fname, "dogtagcert", replica_fqdn, subject_base)
+ except errors.CertificateOperationError, e:
+ print "%s" % e
+ sys.exit(1)
+
 if options.http_pin:
 passwd = options.http_pin
 else:
-- cgit
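Review bot: The added `except errors.CertificateOperationError, e:` branch prints the bare exception to stdout and calls `sys.exit(1)`, exactly like the handler in the context lines above it, so a failed dogtag Directory Server certificate export cannot be told apart from the earlier export failure and the message never reaches stderr. `sys.exit("Could not create the dogtag Directory Server certificate: %s" % e)` would name the step, write to stderr and still exit with status 1. The call passes `dir` and `passwd_fname`, so key material from earlier exports may presumably already sit in `dir` when this path exits; whether that directory is cleaned up on failure is not visible here and is worth confirming. A short comment above `if not certs.ipa_self_signed():` stating why the dogtag certificate is only generated in the non-self-signed case would help the next reader. `main()` starts and ends outside the hunk.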