From d4e49c454386e3f672ee04cad19407b56671420f Mon Sep 17 00:00:00 2001
From: David Sedgmen <dsedgmen@redhat.com>
Date: Mon, 14 Nov 2022 14:47:10 +0000
Subject: [PATCH] [Train ONLY] remove if statement from local ca check Current
 change will not work reliably. Removing this if statement will just cause the
 script to extract and update the CA trust on each renewal

Change-Id: Ideca344e4aa63b4d988a772f3b0a338eef01a310
---
 files/certmonger-haproxy-refresh.sh | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/files/certmonger-haproxy-refresh.sh b/files/certmonger-haproxy-refresh.sh
index 09ad220ab..4cfd9beb8 100644
--- a/files/certmonger-haproxy-refresh.sh
+++ b/files/certmonger-haproxy-refresh.sh
@@ -21,12 +21,9 @@ ca_path=""
 
 if [ "$certmonger_ca" == "local" ]; then
     ca_path="/etc/pki/ca-trust/source/anchors/cm-local-ca.pem"
-    #check if CA is still valid and update if not
-    if ! openssl verify ${ca_path}; then
     openssl pkcs12 -in /var/lib/certmonger/local/creds -out ${ca_path} -nokeys -nodes -passin pass:''
     chmod 0644 ${ca_path}
     update-ca-trust extract
-    fi
 elif [ "$certmonger_ca" == "IPA" ]; then
     ca_path="/etc/ipa/ca.crt"
 fi