Moving ipaCert from HTTPD_ALIAS_DIR

The "ipaCert" nicknamed certificate is not required to be in /var/lib/ipa/radb NSSDB anymore as we were keeping a copy of this file in a separate file anyway. Remove it from there and track only the file. Remove the IPA_RADB_DIR as well as it is not required anymore. https://fedorahosted.org/freeipa/ticket/5695 https://fedorahosted.org/freeipa/ticket/6680 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2025-02-25 18:55:28 -06:00 · 2017-01-13 09:08:42 +01:00
parent 24b134c633
commit 5ab85b365a
24 changed files with 337 additions and 421 deletions
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -811,13 +811,14 @@ class DsInstance(service.Service):
                    'restart_dirsrv %s' % self.serverid)
        else:
            dsdb.create_from_cacert()
-            ca_args = ['/usr/libexec/certmonger/dogtag-submit',
-                       '--ee-url', 'https://%s:8443/ca/ee/ca' % self.fqdn,
-                       '--dbdir', paths.IPA_RADB_DIR,
-                       '--nickname', 'ipaCert',
-                       '--sslpinfile', os.path.join(paths.IPA_RADB_DIR,
-                                                    'pwdfile.txt'),
-                       '--agent-submit']
+            ca_args = [
+                paths.CERTMONGER_DOGTAG_SUBMIT,
+                '--ee-url', 'https://%s:8443/ca/ee/ca' % self.fqdn,
+                '--certfile', paths.RA_AGENT_PEM,
+                '--keyfile', paths.RA_AGENT_KEY,
+                '--cafile', paths.IPA_CA_CRT,
+                '--agent-submit'
+            ]
            helper = " ".join(ca_args)
            prev_helper = certmonger.modify_ca_helper('IPA', helper)
            try: