Upload renewed CA cert to certificate store on renewal.

Part of https://fedorahosted.org/freeipa/ticket/3259
Part of https://fedorahosted.org/freeipa/ticket/3520

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Jan Cholasta
2014-06-12 11:29:57 +02:00
committed by Petr Viktorin
parent 6f01499419
commit 9e223e6fd4


@@ -29,7 +29,7 @@ import traceback
from ipapython import dogtag, certmonger, ipautil
from ipapython.dn import DN
from ipalib import api, errors, x509, util
from ipalib import api, errors, x509, certstore
from ipaserver.install import certs, cainstance, installutils
from ipaserver.plugins.ldap2 import ldap2
from ipaplatform import services
@@ -103,13 +103,8 @@ def main():
conn = ldap2(shared_instance=False, ldap_uri=api.env.ldap_uri)
conn.connect(ccache=ccache)
dn = DN(('cn', 'CAcert'), ('cn', 'ipa'), ('cn', 'etc'),
api.env.basedn)
try:
entry = conn.get_entry(
dn, attrs_list=['cACertificate;binary'])
entry['cACertificate;binary'] = [cert]
conn.update_entry(entry)
certstore.update_ca_cert(conn, api.env.basedn, cert)
except errors.EmptyModlist:
pass
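Review bot: The `except errors.EmptyModlist: pass` around the new `certstore.update_ca_cert(conn, api.env.basedn, cert)` call was written for the removed `conn.update_entry(entry)`; the hunk does not show whether the helper still raises it, or what it raises when the store entry does not exist yet. Because this call writes the renewed CA certificate into the LDAP certificate store, the deliberate ignore deserves a comment such as `# EmptyModlist: the stored CA cert already matches the renewed one`, and any other error from the helper should be logged with the certificate's identity, if the surrounding code does not already do that. With `dn = DN(...)` gone, the `from ipapython.dn import DN` import shown in the first hunk may now be unused. main() starts and ends outside the hunk, so the connection cleanup cannot be checked from here.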