URL: https://github.com/freeipa/freeipa/pull/151 Author: stlaz Title: #151: Make httpd publish its CA certificate on DL1 Action: synchronized
To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/151/head:pr151 git checkout pr151
From f71bb9e91758072d8c4c7c695f859ac6d4807242 Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka <slazn...@redhat.com> Date: Tue, 11 Oct 2016 15:48:47 +0200 Subject: [PATCH] Make httpd publish its CA certificate on DL1 httpd did not publish its certificate on DL1 which could cause issues during client installation in a rare corner case where there would be no way of getting the certificate but from a HTTP instance. https://fedorahosted.org/freeipa/ticket/6393 --- ipaserver/install/httpinstance.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index 60d62c0..b102c82 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -171,8 +171,7 @@ def create_instance(self, realm, fqdn, domain_name, dm_password=None, self.step("setting up httpd keytab", self.__create_http_keytab) self.step("setting up ssl", self.__setup_ssl) self.step("importing CA certificates from LDAP", self.__import_ca_certs) - if not self.promote: - self.step("publish CA cert", self.__publish_ca_cert) + self.step("publish CA cert", self.__publish_ca_cert) self.step("clean up any existing httpd ccache", self.remove_httpd_ccache) self.step("configuring SELinux for httpd", self.configure_selinux_for_httpd) if not self.is_kdcproxy_configured():
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
