Description of problem: Copying a csr to the engine, singing it, and copying back the signed cert is annoying and error-prone. It should be possible to provide engine-setup root access on the engine server and have it do everything automatically. It must also still be possible to avoid providing such access.
*** Bug 1144309 has been marked as a duplicate of this bug. ***
can be verified once we get a build where https://bugzilla.redhat.com/show_bug.cgi?id=1150498 is fixed
oVirt 3.5 has been released and should include the fix for this issue.