[Train ONLY] remove if statement from local ca check

Current change will not work reliably. Removing this if statement will just cause the script to extract and update the CA trust on each renewal Change-Id: Ideca344e4aa63b4d988a772f3b0a338eef01a310
2022-11-14 14:47:10 +00:00 · 2022-11-14 14:47:10 +00:00 · d4e49c4543
commit d4e49c4543
parent 2342e636b8
1 changed files with 0 additions and 3 deletions
--- a/files/certmonger-haproxy-refresh.sh
+++ b/files/certmonger-haproxy-refresh.sh
@ -21,12 +21,9 @@ ca_path=""

 if [ "$certmonger_ca" == "local" ]; then
    ca_path="/etc/pki/ca-trust/source/anchors/cm-local-ca.pem"
-    #check if CA is still valid and update if not
-    if ! openssl verify ${ca_path}; then
    openssl pkcs12 -in /var/lib/certmonger/local/creds -out ${ca_path} -nokeys -nodes -passin pass:''
    chmod 0644 ${ca_path}
    update-ca-trust extract
-    fi
 elif [ "$certmonger_ca" == "IPA" ]; then
    ca_path="/etc/ipa/ca.crt"
 fi