For post-mortems, let's make a backup of the client certificate before renewing it.
Signed-off-by: Helga Velroyen <[email protected]>
---
 lib/tools/ssl_update.py | 1 -
 lib/utils/x509.py | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/lib/tools/ssl_update.py b/lib/tools/ssl_update.py
index 36453d2..3764e2d 100644
--- a/lib/tools/ssl_update.py
+++ b/lib/tools/ssl_update.py
@@ -100,7 +100,6 @@ def RegenerateClientCertificate(
 # The hostname of the node is provided with the input data.
 hostname = data.get(constants.NDS_NODE_NAME)
- # TODO: make backup of the file before regenerating.
 utils.GenerateSignedSslCert(client_cert, serial_no, signing_cert,
 common_name=hostname)
diff --git a/lib/utils/x509.py b/lib/utils/x509.py
index 63ded07..dde88f9 100644
--- a/lib/utils/x509.py
+++ b/lib/utils/x509.py
@@ -386,7 +386,7 @@ def GenerateSignedSslCert(filename_cert, serial_no,
 common_name, validity * 24 * 60 * 60, serial_no, signing_cert_pem)
 utils_io.WriteFile(filename_cert, mode=0440, data=key_pem + cert_pem,
- uid=uid, gid=gid)
+ uid=uid, gid=gid, backup=True)
 return (key_pem, cert_pem)
--
2.4.3.573.g4eafbef
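Review bot: The file written by `utils_io.WriteFile(filename_cert, mode=0440, data=key_pem + cert_pem, ...)` in the lib/utils/x509.py hunk holds the private key together with the certificate, so `backup=True` leaves a copy of the previous key on disk at every renewal, and nothing visible here shows what mode and owner that copy gets or when it is removed. It is worth confirming that the backup is created no more permissive than the 0440/uid/gid passed on this call, and recording the retention next to it, for example `# backup=True keeps the previous key+cert for post-mortems; the copy contains private key material and is not cleaned up here`. The flag is also hard-coded in the shared helper GenerateSignedSslCert rather than passed in from RegenerateClientCertificate, so presumably every caller of the helper now creates backups, not only the client-certificate renewal the description names. The function body starts outside the hunk, so the handling of a missing target file on first generation cannot be checked from here.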
