uninstall: untrack lightweight CA certs

Fixes: https://fedorahosted.org/freeipa/ticket/6020 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2025-02-25 18:55:28 -06:00 · 2016-07-04 13:05:28 +10:00
parent f784532d4e
commit 88841a5619
1 changed files with 6 additions and 0 deletions
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -1127,6 +1127,12 @@ class CAInstance(DogtagInstance):
        """
        super(CAInstance, self).stop_tracking_certificates(False)

+        # stop tracking lightweight CA signing certs
+        for request_id in certmonger.get_requests_for_dir(self.nss_db):
+            nickname = certmonger.get_request_value(request_id, 'key-nickname')
+            if nickname.startswith('caSigningCert cert-pki-ca '):
+                certmonger.stop_tracking(self.nss_db, nickname=nickname)
+
        try:
            certmonger.stop_tracking(paths.HTTPD_ALIAS_DIR, nickname='ipaCert')
        except RuntimeError as e: