mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
Fix some restart script issues found with certificate renewal.
The restart_dirsrv script wasn't initializing the api so the startup_timeout wasn't available. The subsystemCert cert-pki-ca definition was missing so we didn't know which certificate to update in CS.cfg. Add some documentation and a pause between restarts for the renew_ca_cert script so that when the CA subsystem certs are renewed they don't all try to restart the CA at the same time. https://fedorahosted.org/freeipa/ticket/3006
This commit is contained in:
@@ -1320,6 +1320,7 @@ def update_cert_config(nickname, cert):
|
||||
directives = {'auditSigningCert cert-pki-ca': 'ca.audit_signing.cert',
|
||||
'ocspSigningCert cert-pki-ca': 'ca.ocsp_signing.cert',
|
||||
'caSigningCert cert-pki-ca': 'ca.signing.cert',
|
||||
'subsystemCert cert-pki-ca': 'ca.subsystem.cert',
|
||||
'Server-Cert cert-pki-ca': 'ca.sslserver.cert' }
|
||||
|
||||
installutils.set_directive('/var/lib/%s/conf/CS.cfg' % PKI_INSTANCE_NAME,
|
||||
|
Reference in New Issue
Block a user