def configure_renewal(self):
""" Configure certmonger to renew system certs """
pin = self.__get_pin()
for nickname, profile in self.tracking_reqs:
try:
certmonger.dogtag_start_tracking(
ca='dogtag-ipa-ca-renew-agent',
nickname=nickname,
pin=pin,
pinfile=None,
secdir=self.nss_db,
pre_command='stop_pkicad',
post_command='renew_ca_cert "%s"' % nickname,
profile=profile)
except RuntimeError as e:
self.log.error(
"certmonger failed to start tracking certificate: %s", e)
def configure_renewal(self):
""" Configure certmonger to renew system certs """
pin = self.__get_pin()
for nickname, profile in self.tracking_reqs:
try:
certmonger.dogtag_start_tracking(
ca='dogtag-ipa-ca-renew-agent',
nickname=nickname,
pin=pin,
pinfile=None,
secdir=self.nss_db,
pre_command='stop_pkicad',
post_command='renew_ca_cert "%s"' % nickname,
profile=profile)
except RuntimeError as e:
self.log.error(
"certmonger failed to start tracking certificate: %s", e)
def track_servercert(self):
"""
Specifically do not tell certmonger to restart the CA. This will be
done by the renewal script, renew_ca_cert once all the subsystem
certificates are renewed.
"""
pin = self.__get_pin()
try:
certmonger.dogtag_start_tracking(
ca='dogtag-ipa-renew-agent',
nickname=self.server_cert_name,
pin=pin,
pinfile=None,
secdir=self.nss_db,
pre_command='stop_pkicad',
post_command='renew_ca_cert "%s"' % self.server_cert_name)
except RuntimeError as e:
self.log.error(
"certmonger failed to start tracking certificate: %s" % e)
def track_servercert(self):
"""
Specifically do not tell certmonger to restart the CA. This will be
done by the renewal script, renew_ca_cert once all the subsystem
certificates are renewed.
"""
pin = self.__get_pin()
try:
certmonger.dogtag_start_tracking(
ca='dogtag-ipa-renew-agent',
nickname=self.server_cert_name,
pin=pin,
pinfile=None,
secdir=self.nss_db,
pre_command='stop_pkicad',
post_command='renew_ca_cert "%s"' % self.server_cert_name)
except RuntimeError as e:
self.log.error(
"certmonger failed to start tracking certificate: %s" % e)
