IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Set IPA CA for freeipa certificates.

Browse Source 
In previous versions (before moving certmonger.py to DBus) it was set and some
tools and modules depends on it. For example: ipa-getcert uses this to filter
freeipa certificates.

https://fedorahosted.org/freeipa/ticket/4618

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
This commit is contained in:
David Kupka 2014-10-14 03:40:43 -04:00 committed by Petr Viktorin
parent b89c184ad5
commit 2e7f8da238
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ipapython/certmonger.py
View File

@ -279,7 +279,7 @@ def start_tracking(nickname, secdir, password_file=None, command=None):
certmonger to run when it renews a certificate. This command must
reside in /usr/lib/ipa/certmonger to work with SELinux.
Returns True or False
Returns certificate nickname.
"""
cm = _connect_to_certmonger()
params = {'TRACK': True}
@ -289,6 +289,10 @@ def start_tracking(nickname, secdir, password_file=None, command=None):
params['key-nickname'] = nickname
params['key-database'] = os.path.abspath(secdir)
params['key-storage'] = 'NSSDB'
ca_path = cm.obj_if.find_ca_by_nickname('IPA')
if not ca_path:
raise RuntimeError('IPA CA not found')
params['ca'] = ca_path
if command:
params['cert-postsave-command'] = command
if password_file: