def cert_get(inst, basedn, log, args):
    """Report the details of one certificate from the instance's NSS database.

    :param inst: instance handed to ``NssSsl(dirsrv=inst)``
    :param basedn: unused by this function
    :param log: logger; all output goes through ``log.info``
    :param args: parsed arguments; ``args.name`` is the certificate nickname
                 to look up and ``args.json`` selects JSON output
    """
    details = NssSsl(dirsrv=inst).get_cert_details(args.name)

    if args.json:
        # Machine-readable form: one JSON document with the five fields.
        attrs = {
            'nickname': details[0],
            'subject': details[1],
            'issuer': details[2],
            'expires': details[3],
            'flags': details[4],
        }
        payload = {"type": "certificate", "attrs": attrs}
        log.info(json.dumps(payload, indent=4))
        return

    # Human-readable form: one log line per field, in positional order.
    templates = (
        'Certificate Name: {}',
        'Subject DN: {}',
        'Issuer DN: {}',
        'Expires: {}',
        'Trust Flags: {}',
    )
    for position, template in enumerate(templates):
        log.info(template.format(details[position]))
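def cacert_add(inst, basedn, log, args):
    """Add a CA certificate to the instance's NSS security database.

    The certificate is imported with ``ca=True``, so it becomes part of the
    set of issuers this database knows about. Confirm where ``args.file``
    came from before importing it.

    :param inst: instance handed to ``NssSsl(dirsrv=inst)``
    :param basedn: unused by this function
    :param log: logger; progress is reported through ``log.info``
    :param args: parsed arguments; ``args.file`` is the certificate file and
                 ``args.name`` the nickname to store it under
    :raises ValueError: if ``args.file`` is not an existing regular file, or
                        a certificate with the same nickname already exists
    """
    # Verify the file first, before anything touches (or creates) the
    # security database. The original called os.path.isfile() but discarded
    # the result, so a bad path was never rejected here.
    if not os.path.isfile(args.file):
        raise ValueError(
            "Certificate file does not exist: {}".format(args.file))

    tlsdb = NssSsl(dirsrv=inst)
    if not tlsdb._db_exists(even_partial=True):  # we want to be very careful
        log.info('Security database does not exist. Creating a new one in {}.'.
                 format(inst.get_cert_dir()))
        tlsdb.reinit()

    # Verify the nickname is free.
    # NOTE(review): assumes get_cert_details() raises ValueError when the
    # nickname is absent, as the original except clause implies - confirm.
    # The "already exists" error is raised from the else branch; raising it
    # inside the try (as before) meant the handler below swallowed it and the
    # duplicate check never fired.
    try:
        tlsdb.get_cert_details(args.name)
    except ValueError:
        pass  # no certificate with this nickname
    else:
        raise ValueError("Certificate already exists with the same name")

    # Add the cert
    tlsdb.add_cert(args.name, args.file, ca=True)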
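def cert_add(inst, basedn, log, args):
    """Add a server certificate to the instance's NSS security database.

    :param inst: instance handed to ``NssSsl(dirsrv=inst)`` and ``RSA(inst)``
    :param basedn: unused by this function
    :param log: logger; progress is reported through ``log.info``
    :param args: parsed arguments; ``args.file`` is the certificate file,
                 ``args.name`` the nickname to store it under, and
                 ``args.primary_cert`` marks it as the server's primary
                 certificate
    :raises ValueError: if ``args.file`` is not an existing regular file, or
                        a certificate with the same nickname already exists
    """
    # Verify the file first, before anything touches (or creates) the
    # security database. The original called os.path.isfile() but discarded
    # the result, so a bad path was never rejected here.
    if not os.path.isfile(args.file):
        raise ValueError(
            "Certificate file does not exist: {}".format(args.file))

    tlsdb = NssSsl(dirsrv=inst)
    if not tlsdb._db_exists(even_partial=True):  # we want to be very careful
        log.info('Security database does not exist. Creating a new one in {}.'.
                 format(inst.get_cert_dir()))
        tlsdb.reinit()

    # Verify the nickname is free.
    # NOTE(review): assumes get_cert_details() raises ValueError when the
    # nickname is absent, as the original except clause implies - confirm.
    # The "already exists" error is raised from the else branch; raising it
    # inside the try (as before) meant the handler below swallowed it and the
    # duplicate check never fired.
    try:
        tlsdb.get_cert_details(args.name)
    except ValueError:
        pass  # no certificate with this nickname
    else:
        raise ValueError("Certificate already exists with the same name")

    # Add the cert
    tlsdb.add_cert(args.name, args.file)

    if args.primary_cert:
        # This is the server's primary certificate, update RSA entry.
        # Done only after the import succeeded, so a failed add_cert() does
        # not leave nsSSLPersonalitySSL naming a certificate that was never
        # stored.
        RSA(inst).set('nsSSLPersonalitySSL', args.name)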