Convert the setup of ssl from a shell script to a

python module. This is in preparation for user supplied certs.
2025-02-25 18:55:28 -06:00
parent ad3fcc200c
commit 3b4f0db73e
7 changed files with 245 additions and 229 deletions
--- a/ipa-server/ipaserver/httpinstance.py
+++ b/ipa-server/ipaserver/httpinstance.py
@@ -27,6 +27,8 @@ import sys
 import time

 import service
+import certs
+import dsinstance
 from ipa.ipautil import *

 HTTPD_DIR = "/etc/httpd"
@@ -143,3 +145,11 @@ class HTTPInstance(service.Service):
        self.step("Setting mod_nss port to 443")
        if update_file(NSS_CONF, '8443', '443') != 0:
            print "Updating %s failed." % NSS_CONF
+
+    def __setup_ssl(self):
+        self.step("Setting up ssl")
+        ds_ca = certs.CertDB(dsinstance.config_dirname(self.realm))
+        ca = certs.CertDB(dirname)
+        ca.create_from_cacert(ds_ca.cacert_fname)
+        ca.create_server_cert_extca("Server-Cert", "cn=%s,ou=Apache Web Server" % self.fqdn, ds_ca)
+