patch for IPA to allow subjectAltName when requesting certificates

caIPAserviceCert.cfg.diff

Index: /var/lib/pki-ca/profiles/ca/caIPAserviceCert.cfg
===================================================================
--- /var/lib/pki-ca/profiles/ca/caIPAserviceCert.cfg
+++ /var/lib/pki-ca/profiles/ca/caIPAserviceCert.cfg
@@ -10,7 +10,7 @@
 output.list=o1
 output.o1.class_id=certOutputImpl
 policyset.list=serverCertSet
-policyset.serverCertSet.list=1,2,3,4,5,6,7,8,10
+policyset.serverCertSet.list=1,2,3,4,5,6,7,8,10,11
 policyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl
 policyset.serverCertSet.1.constraint.name=Subject Name Constraint
 policyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+
@@ -100,3 +100,8 @@
 policyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl
 policyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default
 policyset.serverCertSet.10.default.params.critical=false
+policyset.serverCertSet.11.constraint.class_id=noConstraintImpl
+policyset.serverCertSet.11.constraint.name=No Constraint
+policyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl
+policyset.serverCertSet.11.default.name=User Supplied Key Usage Extension
+policyset.serverCertSet.11.default.params.userExtOID=2.5.29.17