Description of problem:

During install I want to be able to provide a Root or Intermediate CA that tomcat can use instead of using self-signed certs. This CA would also be used by Candlepin to sign and issue certificates to clients that register to Satellite via subscription-manager.

linked to https://bugzilla.redhat.com/show_bug.cgi?id=1294959 comment 23