Merge "[Train ONLY] remove if statement from local ca check Current change will not work reliably. Removing this if statement will just cause the script to extract and update the CA trust on each renewal" into stable/train

This commit is contained in:
Zuul 2022-11-15 15:33:31 +00:00 committed by Gerrit Code Review
commit 0ab70ac702

@ -21,12 +21,9 @@ ca_path=""
if [ "$certmonger_ca" == "local" ]; then
ca_path="/etc/pki/ca-trust/source/anchors/cm-local-ca.pem"
#check if CA is still valid and update if not
if ! openssl verify ${ca_path}; then
openssl pkcs12 -in /var/lib/certmonger/local/creds -out ${ca_path} -nokeys -nodes -passin pass:''
chmod 0644 ${ca_path}
update-ca-trust extract
fi
elif [ "$certmonger_ca" == "IPA" ]; then
ca_path="/etc/ipa/ca.crt"
fi