def cert_get(inst, basedn, log, args):
"""Get the details about a server certificate
"""
tlsdb = NssSsl(dirsrv=inst)
details = tlsdb.get_cert_details(args.name)
if args.json:
log.info(
json.dumps(
{
"type": "certificate",
"attrs": {
'nickname': details[0],
'subject': details[1],
'issuer': details[2],
'expires': details[3],
'flags': details[4],
}
},
indent=4))
else:
log.info('Certificate Name: {}'.format(details[0]))
log.info('Subject DN: {}'.format(details[1]))
log.info('Issuer DN: {}'.format(details[2]))
log.info('Expires: {}'.format(details[3]))
log.info('Trust Flags: {}'.format(details[4]))
def cacert_add(inst, basedn, log, args):
"""Add CA certificate
"""
# Verify file and certificate name
os.path.isfile(args.file)
tlsdb = NssSsl(dirsrv=inst)
if not tlsdb._db_exists(even_partial=True): # we want to be very careful
log.info('Security database does not exist. Creating a new one in {}.'.
format(inst.get_cert_dir()))
tlsdb.reinit()
try:
tlsdb.get_cert_details(args.name)
raise ValueError("Certificate already exists with the same name")
except ValueError:
pass
# Add the cert
tlsdb.add_cert(args.name, args.file, ca=True)
def cert_add(inst, basedn, log, args):
"""Add server certificate
"""
# Verify file and certificate name
os.path.isfile(args.file)
tlsdb = NssSsl(dirsrv=inst)
if not tlsdb._db_exists(even_partial=True): # we want to be very careful
log.info('Security database does not exist. Creating a new one in {}.'.
format(inst.get_cert_dir()))
tlsdb.reinit()
try:
tlsdb.get_cert_details(args.name)
raise ValueError("Certificate already exists with the same name")
except ValueError:
pass
if args.primary_cert:
# This is the server's primary certificate, update RSA entry
RSA(inst).set('nsSSLPersonalitySSL', args.name)
# Add the cert
tlsdb.add_cert(args.name, args.file)
