This involves creating a new CA instance on the replica and using pkisilent
to create a clone of the master CA.
Also generally fixes IPA to work with the latest dogtag SVN tip. A lot of
changes to ports and configuration have been done recently.
Use the requestId we get back from the CA when requesting the RA agent cert
and use that to issue the certificate rather than hardcoding 7.
This also adds some clean-up of file permissions and leaking fds
Notes:
- will create a CA instance (pki-ca) if it doesn't exist
- maintains support for a self-signed CA
- A signing cert is still not created so Firefox autoconfig still won't work
The CA is currently not automatically installed. You have to pass in the
--ca flag to install it.
What works:
- installation
- unistallation
- cert/ra plugins can issue and retrieve server certs
What doesn't work:
- self-signed CA is still created and issues Apache and DS certs
- dogtag and python-nss not in rpm requires
- requires that CS be in the "pre" install state from pkicreate
