Fix root CA certificate path in step-keypair tools

merlinz01 · Nov 1, 2024 · 668d296 · 668d296
1 parent b5137f0
commit 668d296
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,12 @@
 
 This is the changelog for RedPepper.
 
+## [Unreleased]
+
+### Fixed
+
+- Fix root ca certificate path in step-keypair tools.
+
 ## [0.1.2]
 
 ### Fixed

diff --git a/src/tools/redpepper/tools/entrypoint.py b/src/tools/redpepper/tools/entrypoint.py
@@ -161,7 +161,7 @@ def install_step_keypair_agent(
         f.write(f'tls_cert_file: "{cert_file}"\n')
         f.write(f'tls_key_file: "{key_file}"\n')
         f.write("tls_key_password:\n")
-        f.write(f'tls_ca_file: "{steppath}/certs/root_ca.crt"\n')
+        f.write(f'tls_ca_file: "{steppath}/authorities/redpepper/certs/root_ca.crt"\n')
         f.write(f"tls_check_hostname: {str(check_hostname).lower()}\n")
 
     if install_renew_cron_job:
@@ -222,7 +222,7 @@ def install_step_keypair_manager(
         f.write(f'tls_cert_file: "{cert_file}"\n')
         f.write(f'tls_key_file: "{key_file}"\n')
         f.write("tls_key_password:\n")
-        f.write(f'tls_ca_file: "{steppath}/certs/root_ca.crt"\n')
+        f.write(f'tls_ca_file: "{steppath}/authorities/redpepper/certs/root_ca.crt"\n')
         f.write(f"tls_check_hostname: {str(check_hostname).lower()}\n")
 
     if install_renew_cron_job:

diff --git a/src/tools/redpepper/tools/step_ca_keypair.py b/src/tools/redpepper/tools/step_ca_keypair.py
@@ -87,7 +87,9 @@ def get_step_ca_root_fingerprint(steppath: str, stepbinary: str) -> str:
                 stepbinary,
                 "certificate",
                 "fingerprint",
-                os.path.join(steppath, "certs", "root_ca.crt"),
+                os.path.join(
+                    steppath, "authorities", "redpepper", "certs", "root_ca.crt"
+                ),
             ]
         )
         .decode()