f32e683 Add cert checks in ipa-server-certinstall

1 file Authored by frenaud 7 years ago, Committed by jcholast 7 years ago,
    Add cert checks in ipa-server-certinstall
    
    When ipa-server-certinstall is called to install a new server certificate,
    the prerequisite is that the certificate issuer must be already known by IPA.
    This fix adds new checks to make sure that the tool exits before
    modifying the target NSS database if it is not the case.
    The fix consists in creating a temp NSS database with the CA certs from the
    target NSS database + the new server cert and checking the new server cert
    validity.
    
    https://fedorahosted.org/freeipa/ticket/6263
    
    Reviewed-By: Jan Cholasta <jcholast@redhat.com>