Issue 50952- SSCA lacks basicConstraint:CA
Bug Description:
SSCA CA cert lacks basicConstraint:CA and for that reason it may not be
acknowledged as a CA cert by some tools, e.g. in case of system-wide
update-ca-trust tool.
Fix Description:
Add the constraint while generating the cert. And yes, we need to use stdin
since certutil does not provide a silent mode for this option.
Fixes https://pagure.io/389-ds-base/issue/50952
Author: Matus Honek <mhonek@redhat.com>
Review by: Mark, William (thanks!)