def cacert_list(inst, basedn, log, args):
"""List all CA certs
"""
cert_list = []
tlsdb = NssSsl(dirsrv=inst)
certs = tlsdb.list_certs(ca=True)
for cert in certs:
if args.json:
cert_list.append({
"type": "certificate",
"attrs": {
'nickname': cert[0],
'subject': cert[1],
'issuer': cert[2],
'expires': cert[3],
'flags': cert[4],
}
})
else:
log.info('Certificate Name: {}'.format(cert[0]))
log.info('Subject DN: {}'.format(cert[1]))
log.info('Issuer DN: {}'.format(cert[2]))
log.info('Expires: {}'.format(cert[3]))
log.info('Trust Flags: {}\n'.format(cert[4]))
if args.json:
log.info(json.dumps(cert_list, indent=4))
def security_enable(inst, basedn, log, args):
dbpath = inst.get_cert_dir()
tlsdb = NssSsl(dbpath=dbpath)
certs = tlsdb.list_certs()
if len(certs) == 0:
raise ValueError('There are no server certificates in the security ' +
'database, security can not be enabled.')
if len(certs) == 1:
# If there is only cert make sure it is set as the server certificate
RSA(inst).set('nsSSLPersonalitySSL', certs[0][0])
elif args.cert_name is not None:
# A certificate nickname was provided, set it as the server certificate
RSA(inst).set('nsSSLPersonalitySSL', args.cert_name)
# it should now be safe to enable security
Config(inst).set('nsslapd-security', 'on')
