Merge "[Train ONLY] remove if statement from local ca check Current change will not work reliably. Removing this if statement will just cause the script to extract and update the CA trust on each renewal" into stable/train
This commit is contained in:
commit
0ab70ac702
@ -21,12 +21,9 @@ ca_path=""
|
||||
|
||||
if [ "$certmonger_ca" == "local" ]; then
|
||||
ca_path="/etc/pki/ca-trust/source/anchors/cm-local-ca.pem"
|
||||
#check if CA is still valid and update if not
|
||||
if ! openssl verify ${ca_path}; then
|
||||
openssl pkcs12 -in /var/lib/certmonger/local/creds -out ${ca_path} -nokeys -nodes -passin pass:''
|
||||
chmod 0644 ${ca_path}
|
||||
update-ca-trust extract
|
||||
fi
|
||||
elif [ "$certmonger_ca" == "IPA" ]; then
|
||||
ca_path="/etc/ipa/ca.crt"
|
||||
fi
|
||||
|
Loading…
x
Reference in New Issue
Block a user