Moving ipaCert from HTTPD_ALIAS_DIR

The "ipaCert" nicknamed certificate is not required to be
in /var/lib/ipa/radb NSSDB anymore as we were keeping a copy
of this file in a separate file anyway. Remove it from there
and track only the file. Remove the IPA_RADB_DIR as well as
it is not required anymore.

https://fedorahosted.org/freeipa/ticket/5695
https://fedorahosted.org/freeipa/ticket/6680

Reviewed-By: Jan Cholasta <jcholast@redhat.com>

ipaserver/install/dogtaginstance.py

@@ -21,17 +21,13 @@ import base64
 import ldap
 import os
 import shutil
-import tempfile
 import traceback
 import dbus
-import pwd
 
 from pki.client import PKIConnection
 import pki.system
 
 from ipalib import api, errors
-
-from ipalib.constants import IPAAPI_USER
 from ipalib.install import certmonger
 from ipaplatform import services
 from ipaplatform.constants import constants
@@ -72,27 +68,6 @@ def is_installing_replica(sys_type):
         return False
 
 
-def export_ra_agent_pem():
-    """
-    Export ipaCert with private key for client authentication.
-    """
-    fd, filename = tempfile.mkstemp(dir=paths.IPA_RADB_DIR)
-    os.close(fd)
-
-    args = ["/usr/bin/pki",
-            "-d", paths.IPA_RADB_DIR,
-            "-C", os.path.join(paths.IPA_RADB_DIR, 'pwdfile.txt'),
-            "client-cert-show", "ipaCert",
-            "--client-cert", filename]
-    ipautil.run(args)
-
-    pent = pwd.getpwnam(IPAAPI_USER)
-    os.chown(filename, 0, pent.pw_gid)
-    os.chmod(filename, 0o440)
-
-    os.rename(filename, paths.RA_AGENT_PEM)
-
-
 class DogtagInstance(service.Service):
     """
     This is the base class for a Dogtag 10+ instance, which uses a