From 762573b429c4465aabde8d1a7d8b3bdaa1c3b15b Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal@redhat.com>
Date: Tue, 20 Dec 2016 23:29:22 +1000
Subject: [PATCH] Set up DS TLS on replica in CA-less topology

Fixes: https://fedorahosted.org/freeipa/ticket/6226
Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
---
 ipaserver/install/dsinstance.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index c93b3b4ff58c4102a9de448247966ad3dd8e4e7c..1249a86d2c4c83eb9426885bfed8910aa3274d21 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -382,7 +382,9 @@ class DsInstance(service.Service):
 
         if self.promote:
             self.step("creating DS keytab", self.__get_ds_keytab)
-            if self.ca_is_configured:
+            if self.pkcs12_info:
+                self.step("configuring ssl for ds instance", self.__enable_ssl)
+            else:
                 self.step("retrieving DS Certificate", self.__get_ds_cert)
             self.step("restarting directory server", self.__restart_instance)
 
-- 
2.9.3