Set the certmonger subject with a string, not an object

ipa-server-certinstall goes through a slightly different code path
if the replacement certificate is issued by IPA. This was setting
the subject using cert.subject which is a Name object and not the
string representation of that object. This was failing in the
dbus call to certmonger.

https://pagure.io/freeipa/issue/8204

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
This commit is contained in:
Rob Crittenden 2020-09-08 18:38:40 -04:00 committed by Florence Blanc-Renaud
parent 040d48fa61
commit f249c51bf4

View File

@ -170,7 +170,7 @@ class ServerCertInstall(admintool.AdminTool):
if req_id is not None:
certmonger.add_principal(
req_id, 'HTTP/{host}'.format(host=api.env.host))
certmonger.add_subject(req_id, cert.subject)
certmonger.add_subject(req_id, str(DN(cert.subject)))
def replace_kdc_cert(self):
# pass in `realm` to perform `NSSDatabase.verify_kdc_cert_validity()`