Fix certificate retrieval in ipa-replica-prepare for DL0

The NSSDatabase object doesn't know the format of an NSS database until the database is created so an explcit call to nssdb.create_db. https://pagure.io/freeipa/issue/7469 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
2025-02-25 18:55:28 -06:00 · 2018-03-27 16:59:55 -04:00 · 2018-03-27 16:59:55 -04:00 · 573f13228d
commit 573f13228d
parent 880d9b4134
1 changed files with 9 additions and 1 deletions
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@ -569,8 +569,16 @@ class CertDB(object):
        ])

    def create_from_cacert(self):
+        """
+        Ensure that a CA chain is in the NSS database.
+
+        If an NSS database already exists ensure that the CA chain
+        we want to load is in there and if not add it. If there is no
+        database then create an NSS database and load the CA chain.
+        """
        cacert_fname = paths.IPA_CA_CRT
-        if os.path.isfile(self.certdb_fname):
+
+        if self.nssdb.exists():
            # We already have a cert db, see if it is for the same CA.
            # If it is we leave things as they are.
            with open(cacert_fname, "r") as f: