From 4bf70406d300b6d416f13db30f5c530f23170667 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Thu, 1 Apr 2010 14:18:49 -0400 Subject: [PATCH] Don't let failure to trust the CA abort the server installation. This error could result in things not working properly but it should be relatively easy to fix from the command-line. There is no point in not installing at all due to this. --- ipaserver/install/certs.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py index 2df7cb38d..4b8a57e92 100644 --- a/ipaserver/install/certs.py +++ b/ipaserver/install/certs.py @@ -791,8 +791,11 @@ class CertDB(object): if root_nickname[:7] == "Builtin": logging.debug("No need to add trust for built-in root CA's, skipping %s" % root_nickname) else: - self.run_certutil(["-M", "-n", root_nickname, - "-t", "CT,CT,"]) + try: + self.run_certutil(["-M", "-n", root_nickname, + "-t", "CT,CT,"]) + except ipautil.CalledProcessError, e: + logging.error("Setting trust on %s failed" % root_nickname) def find_server_certs(self): p = subprocess.Popen(["/usr/bin/certutil", "-d", self.secdir,