Remove certificate "External CA cert" from /etc/pki/nssdb on client uninstall.

This is a no longer used nickname for CA certificate on CA-less server installs. Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2025-01-13 09:41:55 -06:00 · 2014-06-12 17:54:40 +02:00 · 2014-06-12 17:54:40 +02:00 · a8a44c1c71
commit a8a44c1c71
parent 52f72ec058
1 changed files with 7 additions and 3 deletions
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@ -483,12 +483,16 @@ def uninstall(options, env):
    client_nss_nickname = client_nss_nickname_format % hostname

    # Remove our host cert and CA cert
-    if nickname_exists("IPA CA"):
+    for nickname in ('IPA CA', 'External CA cert'):
+        if not nickname_exists(nickname):
+            continue
        try:
-            run([paths.CERTUTIL, "-D", "-d", paths.NSS_DB_DIR, "-n", "IPA CA"])
+            run([paths.CERTUTIL, "-D",
+                 "-d", paths.NSS_DB_DIR,
+                 "-n", nickname])
        except Exception, e:
            root_logger.error(
-                "Failed to remove IPA CA from /etc/pki/nssdb: %s", str(e))
+                "Failed to remove %s from /etc/pki/nssdb: %s", nickname, e)

    # Always start certmonger. We can't untrack something if it isn't
    # running