mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 15:40:01 -06:00
Set the certmonger subject with a string, not an object
ipa-server-certinstall goes through a slightly different code path if the replacement certificate is issued by IPA. This was setting the subject using cert.subject which is a Name object and not the string representation of that object. This was failing in the dbus call to certmonger. https://pagure.io/freeipa/issue/8204 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
This commit is contained in:
parent
040d48fa61
commit
f249c51bf4
@ -170,7 +170,7 @@ class ServerCertInstall(admintool.AdminTool):
|
||||
if req_id is not None:
|
||||
certmonger.add_principal(
|
||||
req_id, 'HTTP/{host}'.format(host=api.env.host))
|
||||
certmonger.add_subject(req_id, cert.subject)
|
||||
certmonger.add_subject(req_id, str(DN(cert.subject)))
|
||||
|
||||
def replace_kdc_cert(self):
|
||||
# pass in `realm` to perform `NSSDatabase.verify_kdc_cert_validity()`
|
||||
|
Loading…
Reference in New Issue
Block a user