Please review the attached patch which addresses:

• PKI TRAC Ticket #1669 - adminEnroll servlet EnrollSuccess.template succeeds but fails on import into browser

This was tested on Fedora 23 by doing the following:

• installed and configured a CA
• Successfully tested enrollment in a browser after importing the original Admin certificate
• systemctl stop pki-tomcatd@pki-tomcat.service
• edited /etc/pki/pki-tomcat/ca/CS.cfg to set:
• ca.Policy.enable=true
•  cmsgateway.enableAdminEnroll=true
• systemctl start pki-tomcatd@pki-tomcat.service
• created a new Firefox profile
• traversed to the EE page, went to the Retrieval tab, imported the CA cert, and trusted it
• within this new profile, traversed to https://pki.example.com:8443/ca/admin/ca/adminEnroll.html, and filled out the form
• with this patch installed, it should generate a new admin certificate and import it successfully into this new profile -- to check, attempt to use the imported admin certificate to traverse to the Agents page