Added default value for NSSIssuer extensions

freeipa-pr-ci2 · Jun 22, 2020 · 4f3db1a · 4f3db1a
1 parent 606aa7b
commit 4f3db1a
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 11 deletions.
diff --git a/base/acme/issuer/nss/issuer.conf b/base/acme/issuer/nss/issuer.conf
@@ -1,2 +1 @@
 class=org.dogtagpki.acme.issuer.NSSIssuer
-extensions=/usr/share/pki/acme/issuer/nss/sslserver.conf
diff --git a/base/acme/src/main/java/org/dogtagpki/acme/issuer/NSSIssuer.java b/base/acme/src/main/java/org/dogtagpki/acme/issuer/NSSIssuer.java
@@ -66,15 +66,6 @@ public void init() throws Exception {
         passwordStore.init(passwordsPath.toString());
         nssDatabase.setPasswordStore(passwordStore);
 
-        String extensions = config.getParameter("extensions");
-        if (extensions != null) {
-            logger.info("- extensions: " + extensions);
-
-            Path extPath = instanceDir.resolve(extensions);
-            extGenerator = new NSSExtensionGenerator();
-            extGenerator.init(extPath.toString());
-        }
-
         String nickname = config.getParameter("nickname");
         if (nickname == null) nickname = "ca_signing";
         logger.info("- nickname: " + nickname);
@@ -88,6 +79,14 @@ public void init() throws Exception {
 
             this.monthsValid = new Integer(monthsValid);
         }
+
+        String extensions = config.getParameter("extensions");
+        if (extensions == null) extensions = "/usr/share/pki/acme/issuer/nss/sslserver.conf";
+        logger.info("- extensions: " + extensions);
+
+        Path extPath = instanceDir.resolve(extensions);
+        extGenerator = new NSSExtensionGenerator();
+        extGenerator.init(extPath.toString());
     }
 
     public String issueCertificate(PKCS10 pkcs10) throws Exception {

diff --git a/docs/installation/acme/Configuring_ACME_Issuer.md b/docs/installation/acme/Configuring_ACME_Issuer.md
@@ -52,13 +52,13 @@ Customize the configuration as needed. The issuer.conf should look like the foll
 
 ```
 class=org.dogtagpki.acme.issuer.NSSIssuer
-extensions=/usr/share/pki/acme/issuer/nss/sslserver.conf
 ```
 
 The **nickname** parameter can be used to specify the nickname of the CA signing certificate.
 The default value is **ca_signing**.
 
 The **extensions** parameter can be used to configure the certificate extensions for the issued certificates.
+The default value is **/usr/share/pki/acme/issuer/nss/sslserver.conf**.
 Sample extension configuration files are available at:
 
 * [/usr/share/pki/acme/issuer/nss/sslserver.conf](../../../base/acme/issuer/nss/sslserver.conf)
Original file line number	Diff line number	Diff line change
		@@ -1,2 +1 @@
		class=org.dogtagpki.acme.issuer.NSSIssuer
		extensions=/usr/share/pki/acme/issuer/nss/sslserver.conf