From 986c4e23e7f640911cbe72129dc3f675438f35d4 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Wed, 18 Nov 2009 17:51:28 -0500 Subject: [PATCH] Point to correct location of self-signed CA and set pw on 389-DS cert db The CA was moved from residing in the DS NSS database into the Apache database to support a self-signed CA certificate plugin. This was not updated in the installer boilerplate. The DS db wasn't getting a password set on it. Go ahead and set one. --- install/tools/ipa-server-install | 4 ++-- ipaserver/install/dsinstance.py | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index 44fc5fde5..be525f73d 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -836,8 +836,8 @@ def main(): print "" if not options.dirsrv_pkcs12: - print "Be sure to back up the CA certificate stored in " + dsinstance.config_dirname(ds.serverid) + "cacert.p12" - print "The password for this file is in " + dsinstance.config_dirname(ds.serverid) + "pwdfile.txt" + print "Be sure to back up the CA certificate stored in /etc/httpd/alias/cacert.p12" + print "The password for this file is in /etc/httpd/alias/pwdfile.txt" else: print "In order for Firefox autoconfiguration to work you will need to" print "use a SSL signing certificate. See the IPA documentation for more details." diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 254c575c0..60436dee2 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -340,7 +340,7 @@ class DsInstance(service.Service): cadb = certs.CertDB(httpinstance.NSS_DIR, host_name=self.host_name) if self.self_signed_ca: cadb.create_self_signed() - dsdb.create_from_cacert(cadb.cacert_fname) + dsdb.create_from_cacert(cadb.cacert_fname, passwd=None) dsdb.create_server_cert("Server-Cert", self.host_name, cadb) dsdb.create_pin_file() else: