7120ecb Ticket 50694 - import PEM certs on startup

Authored and Committed by firstyear 4 years ago
    Ticket 50694 - import PEM certs on startup
    
    Bug Description: To make container setup easier, given TLS
    material in defined locations we should convert these into
    a functional nssdb
    
    Fix Description: Provided that we have:
    
    * /data/config/pwdfile.txt
    * /data/tls/server.key
    * /data/tls/server.crt
    * /data/tls/ca/*.crt
    
    There are imported into the nssdb as such:
    
    /data/tls/ca/ca.crt                                          C,,
    Server-Cert                                                  u,u,u
    
    This works on restarts, changes of keys, etc. IE to replace these,
    just change out the pem files, and restart, and we "do the right
    thing". Importantly, this will allow a much easier deployment of
    containerised 389-ds with let's encrypt!
    
    https://pagure.io/389-ds-base/issue/50694
    
    Author: William Brown <william@blackhats.net.au>
    
    Review by: mreynolds, mhonek (thanks)
    
        
file modified
+52 -1