mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-25 08:21:05 -06:00
certs: do not implicitly create DS pin.txt
Do not implicitly create DS pin.txt in `CertDB.init_from_pkcs12()`, create it explicitly in `DSInstance.__enable_ssl()`. This stops the file from being created in /etc/httpd/alias during classic replica install. https://pagure.io/freeipa/issue/4639 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
This commit is contained in:
parent
b6624594be
commit
bbd18cf10f
@ -635,7 +635,6 @@ class CertDB(object):
|
||||
self.cacert_name = ca_names[-1]
|
||||
self.trust_root_cert(self.cacert_name, trust_flags)
|
||||
|
||||
self.create_pin_file()
|
||||
self.export_ca_cert(nickname, False)
|
||||
|
||||
def publish_ca_cert(self, location):
|
||||
|
@ -838,7 +838,8 @@ class DsInstance(service.Service):
|
||||
certmonger.modify_ca_helper('IPA', prev_helper)
|
||||
|
||||
self.dercert = dsdb.get_cert_from_db(self.nickname, pem=False)
|
||||
dsdb.create_pin_file()
|
||||
|
||||
dsdb.create_pin_file()
|
||||
|
||||
self.cacert_name = dsdb.cacert_name
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user