certs: do not implicitly create DS pin.txt

Do not implicitly create DS pin.txt in `CertDB.init_from_pkcs12()`, create it explicitly in `DSInstance.__enable_ssl()`. This stops the file from being created in /etc/httpd/alias during classic replica install. https://pagure.io/freeipa/issue/4639 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
freeipa · Mar 22, 2017 · bbd18cf · bbd18cf
1 parent b662459
commit bbd18cf
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
@@ -635,7 +635,6 @@ def init_from_pkcs12(self, pkcs12_fname, pkcs12_passwd,
         self.cacert_name = ca_names[-1]
         self.trust_root_cert(self.cacert_name, trust_flags)
 
-        self.create_pin_file()
         self.export_ca_cert(nickname, False)
 
     def publish_ca_cert(self, location):

diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
@@ -838,7 +838,8 @@ def __enable_ssl(self):
                 certmonger.modify_ca_helper('IPA', prev_helper)
 
             self.dercert = dsdb.get_cert_from_db(self.nickname, pem=False)
-            dsdb.create_pin_file()
+
+        dsdb.create_pin_file()
 
         self.cacert_name = dsdb.cacert_name