From 749deba74575f598de71e759ded3a0e3cf95cbd1 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Mon, 15 Jan 2024 11:55:03 +0700
Subject: [PATCH] Update PKIDeployer.setup_system_cert() to reuse existing key
---
 .../python/pki/server/deployment/__init__.py | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/base/server/python/pki/server/deployment/__init__.py b/base/server/python/pki/server/deployment/__init__.py
index 8b88fffa7fd..8099b5af20c 100644
--- a/base/server/python/pki/server/deployment/__init__.py
+++ b/base/server/python/pki/server/deployment/__init__.py
@@ -3295,19 +3295,22 @@ def setup_system_cert(self, nssdb, subsystem, tag, system_cert, request):
 return
- if cert_info:
- request.systemCert.keyID = self.find_cert_key(tag, request)
-
- if not request.systemCert.keyID:
- request.systemCert.keyID = self.create_cert_key(tag, request)
-
- logger.info('- key ID: %s', request.systemCert.keyID)
-
 csr_file = subsystem.csr_file(tag)
 if os.path.exists(csr_file):
 logger.info('Reusing %s cert request in %s', tag, csr_file)
 else:
+ if cert_info:
+ request.systemCert.keyID = self.find_cert_key(tag, request)
+
+ if request.systemCert.keyID:
+ logger.info('Reusing %s key in NSS database', tag)
+ else:
+ logger.info('Creating new %s key in NSS database', tag)
+ request.systemCert.keyID = self.create_cert_key(tag, request)
+
+ logger.info('- key ID: %s', request.systemCert.keyID)
+
 request.systemCert.request = self.create_cert_request(nssdb, tag, request)
 logger.debug('- request: %s', request.systemCert.request)
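Review bot: In the branch that reuses an existing CSR file, `request.systemCert.keyID` is no longer looked up or logged, so nothing visible here ties the request on disk to a key that is actually present in the NSS database. A CSR left over from an earlier deployment would be reused as-is, and a mismatch would presumably only surface later, when the issued certificate has no matching private key. Consider still resolving the key in that branch, for example `request.systemCert.keyID = self.find_cert_key(tag, request)` under the same `if cert_info:` guard, with a warning or error when it comes back empty. The rest of setup_system_cert() lies outside the hunk, so the key ID may be populated elsewhere; if it is, a short comment in the reuse branch such as `# key ID for a reused CSR is resolved by <caller/step>` would make that dependency explicit.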