Configure certmonger to execute restart scripts on renewal.

certmonger now has the ability to execute a script when it renews a certificate. This can be used to automatically restart servers so the certificate doesn't expire in the running server. https://fedorahosted.org/freeipa/ticket/2050
2025-02-25 18:55:28 -06:00 · 2012-04-10 21:21:08 +02:00
parent e9b79cc1e1
commit 717bbcd2bf
11 changed files with 73 additions and 10 deletions
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -210,7 +210,7 @@ class HTTPInstance(service.Service):
            # We only handle one server cert
            nickname = server_certs[0][0]
            self.dercert = db.get_cert_from_db(nickname, pem=False)
-            db.track_server_cert(nickname, self.principal, db.passwd_fname)
+            db.track_server_cert(nickname, self.principal, db.passwd_fname, 'restart_httpd')

            self.__set_mod_nss_nickname(nickname)
        else:
@@ -219,7 +219,7 @@ class HTTPInstance(service.Service):

            db.create_password_conf()
            self.dercert = db.create_server_cert("Server-Cert", self.fqdn, ca_db)
-            db.track_server_cert("Server-Cert", self.principal, db.passwd_fname)
+            db.track_server_cert("Server-Cert", self.principal, db.passwd_fname, 'restart_httpd')
            db.create_signing_cert("Signing-Cert", "Object Signing Cert", ca_db)

        # Fix the database permissions