URL: https://github.com/freeipa/freeipa/pull/576 Author: flo-renaud Title: #576: Installation must publish CA cert in /usr/share/ipa/html/ca.crt Action: opened
PR body: """ Regression introduced with commit d124e30. ipa-server-install and ipa-replica-install must publish the CA cert in /usr/share/ipa/html/ca.crt, otherwise the web page http://ipaserver.ipadomain.com/ipa/config/ssbrowser.html has a link to http://ipaserver.ipadomain.com/ipa/config/ca.crt but this file is missing. https://pagure.io/freeipa/issue/6750 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/576/head:pr576 git checkout pr576
From 9f7be115b616f04c9661362770f8662f450b60bc Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud <f...@redhat.com>
Date: Mon, 13 Mar 2017 16:12:46 +0100
Subject: [PATCH] Installation must publish CA cert in /usr/share/ipa/html/ca.crt

Regression introduced with commit d124e30. ipa-server-install and ipa-replica-install must publish the CA cert in /usr/share/ipa/html/ca.crt, otherwise the web page http://ipaserver.ipadomain.com/ipa/config/ssbrowser.html has a link to http://ipaserver.ipadomain.com/ipa/config/ca.crt but this file is missing. https://pagure.io/freeipa/issue/6750
---
 ipaserver/install/httpinstance.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index 3e8fb0c..27d0cfe 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -174,6 +174,7 @@ def create_instance(self, realm, fqdn, domain_name, pkcs12_info=None,
 self.step("configure certmonger for renewals", self.configure_certmonger_renewal_guard)
 self.step("importing CA certificates from LDAP", self.__import_ca_certs)
+ self.step("publish CA cert", self.__publish_ca_cert)
 self.step("clean up any existing httpd ccaches", self.remove_httpd_ccaches)
 self.step("configuring SELinux for httpd", self.configure_selinux_for_httpd)
@@ -422,6 +423,11 @@ def __import_ca_certs(self):
 subject_base=self.subject_base)
 self.import_ca_certs(db, self.ca_is_configured)
+ def __publish_ca_cert(self):
+ ca_db = certs.CertDB(self.realm, nssdir=paths.HTTPD_ALIAS_DIR,
+ subject_base=self.subject_base)
+ ca_db.publish_ca_cert(paths.CA_CRT)
+
 def is_kdcproxy_configured(self):
 """Check if KDC proxy has already been configured in the past"""
 return os.path.isfile(paths.HTTPD_IPA_KDCPROXY_CONF)
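Review bot: `__publish_ca_cert` in the second hunk writes the file that clients later import as their trust anchor, yet it has no docstring and nothing in the hunk states what properties the published file must have. I would add `"""Export the IPA CA certificate from the httpd NSS database to paths.CA_CRT, the copy served as /ipa/config/ca.crt."""` and a short comment that the file must stay root-owned and not writable by the httpd user. The body of `certs.CertDB.publish_ca_cert` is outside this patch, so ownership and mode of the created file should be confirmed there; anything able to replace that file decides which CA newly enrolled clients trust. The new step in the first hunk is placed after "importing CA certificates from LDAP", which presumably is what makes the certificate available in the database before export. The link quoted in the description is plain `http://`, so the docstring could also say that consumers are expected to verify the certificate fingerprint out of band.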