Index: /branches/rel_apv_10_7/usr/click/bin/backend/sync_ui.c =================================================================== --- /branches/rel_apv_10_7/usr/click/bin/backend/sync_ui.c (revision 38523) +++ /branches/rel_apv_10_7/usr/click/bin/backend/sync_ui.c (working copy) @@ -941,6 +941,8 @@ //const char *output_file = "/tmp/clone_output.txt"; char *ip = NULL; char localip[INET6_ADDRSTRLEN]; + + char certcmd[1024]; bzero(localip, sizeof(localip)); bzero(peername, sizeof(peername)); @@ -1219,6 +1221,19 @@ #endif ui_clear_config_secondary(); + snprintf(certcmd, 1024, + "/ca/sync/munch -x \"mv -f /ca/conf/webui_server_backup.pem /var/run/webui_server.pem\""); + system(certcmd); + + snprintf(certcmd, 1024, + "/ca/sync/munch -l 'webui off' -f \"config\""); + system(certcmd); + + snprintf(certcmd, 1024, + "/ca/sync/munch -l 'webui on' -f \"config\""); + system(certcmd); + + n = read(fd, buf, sizeof(buf)); if (n <= 0) { printf("Error: unable to read the sync cli file, Sync from failed\n"); Index: /branches/rel_apv_10_7/usr/click/bin/sync/remote =================================================================== --- /branches/rel_apv_10_7/usr/click/bin/sync/remote (revision 38523) +++ /branches/rel_apv_10_7/usr/click/bin/sync/remote (working copy) @@ -278,10 +278,11 @@ # The solution below is done by using 'the certificate that is copy on ca/conf' # and replace it both on 'var/run' and 'ca/conf' + /ca/sync/munch -x "cp -f /ca/conf/webui_server_backup.pem /ca/conf/webui_server.pem" - /ca/sync/munch -x "mv -f /ca/conf/webui_server_backup.pem /var/run/webui_server.pem" - /ca/sync/munch -l 'webui off' -f "config" - /ca/sync/munch -l 'webui on' -f "config" + + # However, only move to 'var/run' after 'ui_clear_config_secondary' in sync_ui.c + # Because 'ui_clear_config_secondary' resets the certificate to its default state, so make sure to do it afterward else #For FIPS case, need to create a one-line file for '/ca/sync/log/from' so that it passes the existence/read check in 'sync_ui.c' for 'sync from' case.