diff --git a/ipalib/install/certmonger.py b/ipalib/install/certmonger.py
index ddde00d46..23fc2ddf1 100644
--- a/ipalib/install/certmonger.py
+++ b/ipalib/install/certmonger.py
@@ -479,7 +479,7 @@ def request_cert(
 def start_tracking(
 certpath, ca='IPA', nickname=None, pin=None, pinfile=None, pre_command=None, post_command=None, profile=None, storage="NSSDB",
- token_name=None):
+ token_name=None, dns=None):
 """
 Tell certmonger to track the given certificate in either a file or an NSS database. The certificate access can be protected by a password_file.
@@ -514,6 +514,8 @@ def start_tracking(
 Which certificate profile should be used.
 :param token_name:
 Hardware token name for HSM support
+ :param dns:
+ List of DNS names
 :returns: certificate tracking nickname.
 """
 if storage == 'FILE':
@@ -558,6 +560,8 @@ def start_tracking(
 # only pass token names for external tokens (e.g. HSM)
 params['key-token'] = token_name
 params['cert-token'] = token_name
+ if dns is not None and len(dns) > 0:
+ params['DNS'] = dns
 result = cm.obj_if.add_request(params)
 try:
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index a0e888e3f..6c7365d9b 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -44,7 +44,7 @@ from ipapython.dn import DN
 import ipapython.errors
 from ipaserver.install import sysupgrade
 from ipalib import api, x509
-from ipalib.constants import IPAAPI_USER, MOD_SSL_VERIFY_DEPTH
+from ipalib.constants import IPAAPI_USER, MOD_SSL_VERIFY_DEPTH, IPA_CA_RECORD
 from ipaplatform.constants import constants
 from ipaplatform.tasks import tasks
 from ipaplatform.paths import paths
@@ -593,6 +593,7 @@ class HTTPInstance(service.Service):
 post_command='restart_httpd', storage='FILE', profile=dogtag.DEFAULT_PROFILE, pinfile=key_passwd_file,
+ dns=[self.fqdn, f'{IPA_CA_RECORD}.{api.env.domain}'],
 )
 subject = str(DN(cert.subject))
 certmonger.add_principal(request_id, self.principal)
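Review bot: The new `dns` argument of `start_tracking` (ipalib/install/certmonger.py, hunk at -558) is copied into `params['DNS']` with no check on its shape, so a caller that passes a single string instead of a list, or a list holding an empty name, hands that to certmonger unchanged; these names presumably become subjectAltName entries on renewal, so a malformed value is worth rejecting before the request is built. I would write the guard as `if dns:` and raise on a bare string first, `if isinstance(dns, str): raise TypeError('dns must be a list of DNS names')`. The neighbouring keys in this hunk are lower-case and hyphenated (`key-token`, `cert-token`) while the new key is `DNS`; please confirm that is the name certmonger expects in `add_request`. The docstring entry added at -514 could state the purpose, e.g. `List of DNS names to request as subjectAltName entries`, and the function body starts and ends outside these hunks.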
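Review bot: Passing `dns=[self.fqdn, f'{IPA_CA_RECORD}.{api.env.domain}']` in the hunk at -593 of ipaserver/install/httpinstance.py only changes what certmonger is told when tracking is started, so nothing visible in this diff updates a tracking request that already exists, and an installed certificate would keep its current names until it is next renewed. If every server's HTTP certificate is meant to carry the `IPA_CA_RECORD` name, the upgrade path needs a step that refreshes existing requests, or the commit message should say the name appears only after renewal. The list is built inline here; if the install-time request builds the same names elsewhere (not visible in this hunk), a comment such as `# SAN list must match the names requested at install time` would keep the two from drifting. The enclosing method starts and ends outside the hunk.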