Have certmonger track the initial Apache and 389-ds server certs.
We don't use certmonger to get certificates during installation because
of the chicken-and-egg problem. This means that the IPA web and ldap
certs aren't being tracked for renewal.
This requires some manual changes to the certmong
Break out install into more steps, add -key_algorithm to pkisilent.
Installing dogtag is quite slow and it isn't always clear that things
are working. This breaks out some restart calls into separate steps to
show some amount of progress. There are still some steps that take more
than a minute
