For post-mortems, let's make a backup of the client
certificate before renewing them.
Signed-off-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>
# The hostname of the node is provided with the input data.
hostname = data.get(constants.NDS_NODE_NAME)
- # TODO: make backup of the file before regenerating.
utils.GenerateSignedSslCert(client_cert, serial_no, signing_cert,
common_name=hostname)
common_name, validity * 24 * 60 * 60, serial_no, signing_cert_pem)
utils_io.WriteFile(filename_cert, mode=0440, data=key_pem + cert_pem,
- uid=uid, gid=gid)
+ uid=uid, gid=gid, backup=True)
return (key_pem, cert_pem)