Title: #526: server install: do not attempt to issue PKINIT cert in CA-less
Updated the PR to also handle CA-less server upgrade.
@abbra, I'm not opposed to the idea of using the local CA to issue the KDC
cert, but if we agree to use it, we should use it in both CA-less and CA-ful -
if the CA does not need to be trusted as you say, using the IPA CA in CA-ful is
meaningless and only adds unnecesary complexity.
See the full comment at
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code