Run certupdate after promoting to CA-ful deployment

After installing a CA in a CA-less installation (using
ipa-ca-install), the new CA certificate is not installed in
/etc/httpd/alias. This causes communication failure between IPA
framework and Dogtag (it cannot verify the Dogtag server
certificate).

Perform a CertUpdate as the final step when promoting a CA-less
deployment to CA-ful.

Fixes: https://pagure.io/freeipa/issue/7230
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Fraser Tweedale 2017-10-31 18:20:15 +11:00 committed by Christian Heimes
parent 8960141adb
commit 97942a7c7a

@ -254,6 +254,10 @@ def install_master(safe_options, options):
ca.install_check(True, None, options)
ca.install(True, None, options)
# Run ipa-certupdate to add the new CA certificate to
# certificate databases on this server.
logger.info("Updating certificate databases.")
CertUpdate.run_with_args(api)
def install(safe_options, options, filename):
options.promote = False
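
Review bot: the return value of `CertUpdate.run_with_args(api)`, added after `ca.install(True, None, options)` in `install_master`, is discarded, so a failed update leaves the installer reporting success while /etc/httpd/alias still lacks the new CA certificate, which is the exact condition the commit message describes. Check the result and, on failure, log a clear instruction to run ipa-certupdate manually (or fail the install). The hunk also shows no import for `CertUpdate`; confirm it is imported elsewhere in this file. The new comment says the update covers "this server" only, so it would help to state in the comment or log message whether other servers in the deployment need the same step.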