Please review the attached patch which addresses the following issue:
* PKI TRAC Ticket #1144 - pkispawn needs option to specify ca cert for ldap
  <https://fedorahosted.org/pki/ticket/1144>
Using my Fedora 21 laptop, I was able to successfully install and
configure a Directory Server to use LDAPS (documented procedure in
attached 'pkispawn' man page), and was able to use the exported
Directory Server CA certificate to successfully install and configure a
CA using this CA certificate in conjunction with the secure Directory
Server.
I verified that the two servers were speaking TLS by checking
/var/log/dirsrv/slapd-pki/access:
* TLS1.2 128-bit AES-GCM
Additionally, I successfully installed an OCSP subsystem into this
shared PKI instance.
For the CA, I successfully tested both non-interactive as well as
interactive modes of pkispawn.
Thanks,
-- Matt