X-Git-Url: https://pwan.org/git/?p=certmaster.git;a=blobdiff_plain;f=certmaster%2Futils.py;h=773b0ebfc5270a83baf2a40f350b669b4d6731d1;hp=76d5b4d579b64ca0d647aa37f6e7481d57f8bfdc;hb=4575d4c9942579a235eb7b46a726ddcd557a2edd;hpb=fc94644e28f0af3ce765ec3f87138b264125dee0

diff --git a/certmaster/utils.py b/certmaster/utils.py
index 76d5b4d..773b0eb 100644
--- a/certmaster/utils.py
+++ b/certmaster/utils.py
@@ -179,6 +179,13 @@ def create_minion_keys():
     if result:
         # print "DEBUG: recieved certificate from certmaster"
         log.debug("received certificate from certmaster %s, storing to %s" % (master_uri, cert_file))
+        if not keypair:
+            keypair = certs.retrieve_key_from_file(key_file)
+        valid = certs.check_cert_key_match(cert_string, keypair)
+        if not valid:
+            log.info("certificate does not match key (run certmaster-ca --clean first?)")
+            sys.stderr.write("certificate does not match key (run certmaster-ca --clean first?)\n")
+            return
         cert_fd = os.open(cert_file, os.O_RDWR|os.O_CREAT, 0644)
         os.write(cert_fd, cert_string)
         os.close(cert_fd)