From 99cb2fe64a4d6969178544601cb5ba694e65132b Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Wed, 10 Mar 2010 11:02:50 -0500 Subject: [PATCH] Initialize the api so imports work, trust all CAs included in the PKCS#12. --- install/tools/ipa-server-certinstall | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/install/tools/ipa-server-certinstall b/install/tools/ipa-server-certinstall index 6ba073dd3..d02dbbbae 100755 --- a/install/tools/ipa-server-certinstall +++ b/install/tools/ipa-server-certinstall @@ -31,6 +31,7 @@ from ipapython.ipautil import user_input from ipaserver import ipaldap from ipaserver.install import certs, dsinstance, httpinstance, installutils +from ipalib import api def get_realm_name(): c = krbV.default_context() @@ -100,6 +101,7 @@ def import_cert(dirname, pkcs12_fname, pkcs12_passwd, db_password): try: try: cdb.import_pkcs12(pkcs12_fname, pw_name) + ca_names = cdb.find_root_cert_from_pkcs12(pkcs12_fname, pw_name) except RuntimeError, e: print str(e) sys.exit(1) @@ -115,13 +117,19 @@ def import_cert(dirname, pkcs12_fname, pkcs12_passwd, db_password): else: server_cert = choose_server_cert(server_certs) - cdb.trust_root_cert(server_cert[0]) + for ca in ca_names: + cdb.trust_root_cert(ca) return server_cert def main(): options, pkcs12_fname = parse_options() + cfg = dict(in_server=True,) + + api.bootstrap(**cfg) + api.finalize() + try: if options.dirsrv: dm_password = getpass.getpass("Directory Manager password: ")