From 7b8503173b253860c1059bd40858f2fdffb4ae33 Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka
Date: Apr 19 2017 12:00:38 +0000
Subject: ext. CA: correctly write the cert chain
The cert file would have been rewritten all over again with any of the cert in the CA cert chain without this patch.
https://pagure.io/freeipa/issue/6872
Reviewed-By: Jan Cholasta
---
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 1c8bb27..d452757 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -786,9 +786,10 @@ class CAInstance(DogtagInstance):
 certlist = x509.pkcs7_to_pems(data, x509.DER)
 # We have all the certificates in certlist, write them to a PEM file
- for cert in certlist:
- with open(paths.IPA_CA_CRT, 'w') as ipaca_pem:
+ with open(paths.IPA_CA_CRT, 'w') as ipaca_pem:
+ for cert in certlist:
 ipaca_pem.write(cert)
+ ipaca_pem.write('\n')
 def __request_ra_certificate(self):
 # create a temp file storing the pwd
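Review bot: Hoisting `open(paths.IPA_CA_CRT, 'w')` above the loop means the file is now truncated even when `certlist` is empty, whereas the old loop never opened it in that case, so a PKCS#7 blob that yields no certificates would silently leave an empty CA certificate file. Whether `x509.pkcs7_to_pems` can return an empty list is not visible in this hunk, so a guard before the `with` would be cheap insurance: `if not certlist: raise RuntimeError("no certificates found in the CA certificate chain")`. The write is also not atomic, so a failure part-way through leaves a partial chain in the trust anchor file; writing to a temporary file in the same directory and renaming it over the target would avoid that. The enclosing method begins above the hunk, so any earlier validation of `data` is outside this view.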