ext. CA: correctly write the cert chain

The cert file would have been rewritten all over again with any of the cert in the CA cert chain without this patch. https://pagure.io/freeipa/issue/6872
freeipa · Apr 18, 2017 · 3cb951e · 3cb951e
1 parent ed3c00e
commit 3cb951e
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
@@ -786,9 +786,10 @@ def __export_ca_chain(self):
         certlist = x509.pkcs7_to_pems(data, x509.DER)
 
         # We have all the certificates in certlist, write them to a PEM file
-        for cert in certlist:
-            with open(paths.IPA_CA_CRT, 'w') as ipaca_pem:
+        with open(paths.IPA_CA_CRT, 'w') as ipaca_pem:
+            for cert in certlist:
                 ipaca_pem.write(cert)
+                ipaca_pem.write('\n')
 
     def __request_ra_certificate(self):
         # create a temp file storing the pwd