590d18
From c2a1e876492bc630d3d5f74a2482cf9c94be763d Mon Sep 17 00:00:00 2001
590d18
From: Jan Cholasta <jcholast@redhat.com>
590d18
Date: Tue, 18 Aug 2015 12:51:26 +0200
590d18
Subject: [PATCH] install: Fix replica install with custom certificates
590d18
590d18
https://fedorahosted.org/freeipa/ticket/5226
590d18
590d18
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
590d18
---
590d18
 ipaserver/install/server/replicainstall.py | 17 +++++++++--------
590d18
 1 file changed, 9 insertions(+), 8 deletions(-)
590d18
590d18
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
590d18
index dd8bc0d4bb7d8d9835a3e3e4dc24d1f67199d28f..0725c7763e505ca0cc5a8892414a3c36c557cf1d 100644
590d18
--- a/ipaserver/install/server/replicainstall.py
590d18
+++ b/ipaserver/install/server/replicainstall.py
590d18
@@ -573,14 +573,15 @@ def install(installer):
590d18
     otpd.create_instance('OTPD', config.host_name, config.dirman_password,
590d18
                          ipautil.realm_to_suffix(config.realm_name))
590d18
 
590d18
-    CA = cainstance.CAInstance(
590d18
-        config.realm_name, certs.NSS_DIR,
590d18
-        dogtag_constants=dogtag_constants)
590d18
-    CA.dm_password = config.dirman_password
590d18
-
590d18
-    CA.configure_certmonger_renewal()
590d18
-    CA.import_ra_cert(config.dir + "/ra.p12")
590d18
-    CA.fix_ra_perms()
590d18
+    if ipautil.file_exists(config.dir + "/cacert.p12"):
590d18
+        CA = cainstance.CAInstance(
590d18
+            config.realm_name, certs.NSS_DIR,
590d18
+            dogtag_constants=dogtag_constants)
590d18
+        CA.dm_password = config.dirman_password
590d18
+
590d18
+        CA.configure_certmonger_renewal()
590d18
+        CA.import_ra_cert(config.dir + "/ra.p12")
590d18
+        CA.fix_ra_perms()
590d18
 
590d18
     # The DS instance is created before the keytab, add the SSL cert we
590d18
     # generated
590d18
-- 
590d18
2.4.3
590d18