The deployment procedure for external CA has been modified to generate the CA Certificate Signing Request (CSR) before starting the server. This allows the same procedure to be used for importing a CA certificate from an existing server. In addition, it is no longer required to keep the server running while waiting to get the CSR signed by an external CA.
The "pki ca-cert-request-submit" command now provides options to specify the profile name and the CSR, which is then used to create and populate the request object. As a result, it is no longer necessary to download the request template and insert the CSR manually.
A new "pki-server subsystem-cert-export" command exports a system certificate, the CSR, and the key. This command can be used to migrate a system certificate into another instance.
The manual pages have been updated to reflect these changes.
The installation code for installing an Identity Management (IdM) server with an external CA has been fixed so that IdM can detect whether step 1 of the installation process was completed properly. The code that handles certificate data conversion has been fixed to reformat base-64 data for Privacy Enhanced Mail (PEM) output correctly.