Commit 3ad10ad1 authored by Helga Velroyen's avatar Helga Velroyen

Back up old client.pem files

For post-mortems, let's make a backup of the client
certificate before renewing them.
Signed-off-by: default avatarHelga Velroyen <helgav@google.com>
Reviewed-by: default avatarKlaus Aehlig <aehlig@google.com>
parent 7de77712
......@@ -100,7 +100,6 @@ def RegenerateClientCertificate(
# The hostname of the node is provided with the input data.
hostname = data.get(constants.NDS_NODE_NAME)
# TODO: make backup of the file before regenerating.
utils.GenerateSignedSslCert(client_cert, serial_no, signing_cert,
common_name=hostname)
......
......@@ -386,7 +386,7 @@ def GenerateSignedSslCert(filename_cert, serial_no,
common_name, validity * 24 * 60 * 60, serial_no, signing_cert_pem)
utils_io.WriteFile(filename_cert, mode=0440, data=key_pem + cert_pem,
uid=uid, gid=gid)
uid=uid, gid=gid, backup=True)
return (key_pem, cert_pem)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment