From 3ee73ed6d739a9d89dadd78f37388e8cfdba143b Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka
Date: Tue, 18 Apr 2017 17:17:48 +0200
Subject: [PATCH] ext. CA: correctly write the cert chain
The cert file would have been rewritten all over again with any of the cert in the CA cert chain without this patch.
https://pagure.io/freeipa/issue/6872
Reviewed-By: Jan Cholasta
---
 ipaserver/install/cainstance.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index ac5d9e2fc633c5ad732670245b72bee0f03268a6..e2070e39f7e162fcff6e1f8cca41218e440b5f58 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -783,9 +783,10 @@ class CAInstance(DogtagInstance):
 certlist = x509.pkcs7_to_pems(data, x509.DER)
 # We have all the certificates in certlist, write them to a PEM file
- for cert in certlist:
- with open(paths.IPA_CA_CRT, 'w') as ipaca_pem:
+ with open(paths.IPA_CA_CRT, 'w') as ipaca_pem:
+ for cert in certlist:
 ipaca_pem.write(cert)
+ ipaca_pem.write('\n')
 def __request_ra_certificate(self):
 # create a temp file storing the pwd
-- 
2.12.2
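Review bot: With `open(paths.IPA_CA_CRT, 'w')` now outside the loop, an empty `certlist` truncates the CA certificate file and leaves it empty, whereas the old loop would not have opened the file at all in that case. Since this file holds the CA chain that later steps presumably rely on as a trust anchor, a guard before the `with` would make the failure explicit, for example `if not certlist: raise RuntimeError("no certificates in the CA chain")`, using whichever error type the installer normally raises. The write is also done in place, so an interruption partway through the loop leaves a partial chain on disk; writing to a temporary file in the same directory and renaming it over the target would avoid that. The enclosing method starts outside the hunk, so whether `data` or `certlist` is already validated earlier is not visible here.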