Title: #567: Configure KDC to use certs after they are deployed

martbab commented:
@simo5 actually I found multiple issues during review and concluded that 
setting up PKINIT on DL1 replica never worked correctly actually. Will open 
respective blocker tickets ASAP.

