https://fedorahosted.org/freeipa/ticket/4618 -- David Kupka
From ab15f67ee35d29cd30b6b6d703a000c3cfe3188b Mon Sep 17 00:00:00 2001 From: David Kupka <dku...@redhat.com> Date: Tue, 7 Oct 2014 10:19:09 -0400 Subject: [PATCH] Set IPA CA for freeipa certificates.
In previous versions (before moving certmonger.py to DBus) it was set and some tools and modules depends on it. For example: ipa-getcert uses this to filter freeipa certificates. https://fedorahosted.org/freeipa/ticket/4618 --- ipapython/certmonger.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ipapython/certmonger.py b/ipapython/certmonger.py index b46d65b2fb0149aceee0864774e2ab76623e7730..0291d01b42aa6701b24dcb6905dcffab68a9ba63 100644 --- a/ipapython/certmonger.py +++ b/ipapython/certmonger.py @@ -289,6 +289,9 @@ def start_tracking(nickname, secdir, password_file=None, command=None): params['key-nickname'] = nickname params['key-database'] = os.path.abspath(secdir) params['key-storage'] = 'NSSDB' + ca_path = cm.obj_if.find_ca_by_nickname('IPA') + if ca_path: + params['ca'] = ca_path if command: params['cert-postsave-command'] = command if password_file: -- 1.9.3
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel