-------- Original Message --------
This patch causes the 'sslserver' certificate for a CA clone
to be signed by its associated master CA during configuration,
and resolves the following bug:
This was necessary to avoid any changes which may have been
made to the X500Name directory string encoding order (i. e. -
creating a Cloned CA on Fedora 20 from a Master CA on Fedora
19).
The code was tested (applying the CAVEAT below) via end-to-end
'pkispawn' installation and batch-based configuration; it has
not yet been tested with GUI-based configuration.
CAVEAT:
During the preparation of this patch it was
discovered that an end-to-end test of functionality cannot be
accomplished due to the 389 TRAC
Ticket #47721 - Schema Replication Issue which prevents
the '99user.ldif' file from being properly replicated from the
Master CA to the Cloned CA. However, I verified that this
code does work by shutting down DS on the cloned CA machine,
manually replacing
'/etc/dirsrv/slapd-<clone>/schema/99user.ldif' with
'/etc/dirsrv/slapd-<master>/schema/99user.ldif,
restarting DS and the Cloned CA, and successfully performing a
test enrollment.