certs: do not implicitly create DS pin.txt

Do not implicitly create DS pin.txt in `CertDB.init_from_pkcs12()`, create
it explicitly in `DSInstance.__enable_ssl()`.

This stops the file from being created in /etc/httpd/alias during classic
replica install.

https://pagure.io/freeipa/issue/4639

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
This commit is contained in:
Jan Cholasta 2017-03-14 09:32:17 +01:00 committed by Martin Babinsky
parent b6624594be
commit bbd18cf10f
2 changed files with 2 additions and 2 deletions

View File

@ -635,7 +635,6 @@ class CertDB(object):
self.cacert_name = ca_names[-1]
self.trust_root_cert(self.cacert_name, trust_flags)
self.create_pin_file()
self.export_ca_cert(nickname, False)
def publish_ca_cert(self, location):

View File

@ -838,7 +838,8 @@ class DsInstance(service.Service):
certmonger.modify_ca_helper('IPA', prev_helper)
self.dercert = dsdb.get_cert_from_db(self.nickname, pem=False)
dsdb.create_pin_file()
dsdb.create_pin_file()
self.cacert_name = dsdb.cacert_name