[Pki-devel] [PATCH] TRAC Ticket #816 - pki-tomcat cannot be started after installation of ipa replica with ca [20140225]

This patch causes the 'sslserver' certificate for a CA clone to be signed by its associated master CA during configuration, and resolves the following bug: * Dogtag TRAC Ticket #816 - pki-tomcat cannot be started after installation of ipa replica with ca <https://fedorahosted.org/pki/ticket/816> This was necessary to avoid any changes which may have been made to the X500Name directory string encoding order (i. e. - creating a Cloned CA on Fedora 20 from a Master CA on Fedora 19). The code was tested (applying the CAVEAT below) via end-to-end 'pkispawn' installation and batch-based configuration; it has not yet been tested with GUI-based configuration. *CAVEAT:* During the preparation of this patch it was discovered that an end-to-end test of functionality cannot be accomplished due to the 389 TRAC Ticket #47721 - Schema Replication Issue <https://fedorahosted.org/389/ticket/47721> which prevents the '99user.ldif' file from being properly replicated from the Master CA to the Cloned CA. However, I verified that this code does work by shutting down DS on the cloned CA machine, manually replacing '/etc/dirsrv/slapd-<clone>/schema/99user.ldif' with '/etc/dirsrv/slapd-<master>/schema/99user.ldif, restarting DS and the Cloned CA, and successfully performing a test enrollment.