From c2a1e876492bc630d3d5f74a2482cf9c94be763d Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Tue, 18 Aug 2015 12:51:26 +0200
Subject: [PATCH] install: Fix replica install with custom certificates

https://fedorahosted.org/freeipa/ticket/5226

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
---
 ipaserver/install/server/replicainstall.py | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index dd8bc0d4bb7d8d9835a3e3e4dc24d1f67199d28f..0725c7763e505ca0cc5a8892414a3c36c557cf1d 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -573,14 +573,15 @@ def install(installer):
     otpd.create_instance('OTPD', config.host_name, config.dirman_password,
                          ipautil.realm_to_suffix(config.realm_name))
 
-    CA = cainstance.CAInstance(
-        config.realm_name, certs.NSS_DIR,
-        dogtag_constants=dogtag_constants)
-    CA.dm_password = config.dirman_password
-
-    CA.configure_certmonger_renewal()
-    CA.import_ra_cert(config.dir + "/ra.p12")
-    CA.fix_ra_perms()
+    if ipautil.file_exists(config.dir + "/cacert.p12"):
+        CA = cainstance.CAInstance(
+            config.realm_name, certs.NSS_DIR,
+            dogtag_constants=dogtag_constants)
+        CA.dm_password = config.dirman_password
+
+        CA.configure_certmonger_renewal()
+        CA.import_ra_cert(config.dir + "/ra.p12")
+        CA.fix_ra_perms()
 
     # The DS instance is created before the keytab, add the SSL cert we
     # generated
-- 
2.4.3