Add test for CA migration to container

A new test has been added to migrate CA from a regular PKI
server (i.e. pki-tomcatd) into a Podman container running as
systemd service. The container will use PKI server's existing
config and log folders.

The container startup scripts have been modified to use the
standard CSR filenames for OCSP signing and audit signing
certs so that the container can find the existing CSRs in the
migrated config folder. The default nicknames have also been
updated for consistency.

.github/workflows/ca-container-basic-test.yml

@@ -208,23 +208,23 @@ jobs:
       - name: Import CA OCSP signing cert into CA database
         run: |
           docker exec ca pki-server cert-export \
-              --cert-file /conf/certs/ocsp_signing.crt \
+              --cert-file /conf/certs/ca_ocsp_signing.crt \
               ca_ocsp_signing
 
           docker exec ca pki-server ca-cert-import \
-              --cert /conf/certs/ocsp_signing.crt \
-              --csr /conf/certs/ocsp_signing.csr \
+              --cert /conf/certs/ca_ocsp_signing.crt \
+              --csr /conf/certs/ca_ocsp_signing.csr \
               --profile /usr/share/pki/ca/conf/caOCSPCert.profile
 
       - name: Import CA audit signing cert into CA database
         run: |
           docker exec ca pki-server cert-export \
-              --cert-file /conf/certs/audit_signing.crt \
+              --cert-file /conf/certs/ca_audit_signing.crt \
               ca_audit_signing
 
           docker exec ca pki-server ca-cert-import \
-              --cert /conf/certs/audit_signing.crt \
-              --csr /conf/certs/audit_signing.csr \
+              --cert /conf/certs/ca_audit_signing.crt \
+              --csr /conf/certs/ca_audit_signing.csr \
               --profile /usr/share/pki/ca/conf/caAuditSigningCert.profile
 
       - name: Import subsystem cert into CA database

.github/workflows/ca-container-existing-certs-test.yml

@@ -78,42 +78,42 @@ jobs:
               nss-cert-request \
               --subject "CN=OCSP Signing Certificate" \
               --ext /usr/share/pki/server/certs/ocsp_signing.conf \
-              --csr $SHARED/certs/ocsp_signing.csr
+              --csr $SHARED/certs/ca_ocsp_signing.csr
           docker exec client pki \
               nss-cert-issue \
               --issuer ca_signing \
-              --csr $SHARED/certs/ocsp_signing.csr \
+              --csr $SHARED/certs/ca_ocsp_signing.csr \
               --ext /usr/share/pki/server/certs/ocsp_signing.conf \
-              --cert $SHARED/certs/ocsp_signing.crt
+              --cert $SHARED/certs/ca_ocsp_signing.crt
           docker exec client pki \
               nss-cert-import \
-              --cert $SHARED/certs/ocsp_signing.crt \
-              ocsp_signing
+              --cert $SHARED/certs/ca_ocsp_signing.crt \
+              ca_ocsp_signing
           docker exec client pki \
               nss-cert-show \
-              ocsp_signing
+              ca_ocsp_signing
 
       - name: Create audit signing cert
         run: |
           docker exec client pki \
               nss-cert-request \
               --subject "CN=Audit Signing Certificate" \
               --ext /usr/share/pki/server/certs/audit_signing.conf \
-              --csr $SHARED/certs/audit_signing.csr
+              --csr $SHARED/certs/ca_audit_signing.csr
           docker exec client pki \
               nss-cert-issue \
               --issuer ca_signing \
-              --csr $SHARED/certs/audit_signing.csr \
+              --csr $SHARED/certs/ca_audit_signing.csr \
               --ext /usr/share/pki/server/certs/audit_signing.conf \
-              --cert $SHARED/certs/audit_signing.crt
+              --cert $SHARED/certs/ca_audit_signing.crt
           docker exec client pki \
               nss-cert-import \
-              --cert $SHARED/certs/audit_signing.crt \
+              --cert $SHARED/certs/ca_audit_signing.crt \
               --trust ,,P \
-              audit_signing
+              ca_audit_signing
           docker exec client pki \
               nss-cert-show \
-              audit_signing
+              ca_audit_signing
 
       - name: Create subsystem cert
         run: |
@@ -184,8 +184,8 @@ jobs:
               --pkcs12 $SHARED/certs/server.p12 \
               --password Secret.123 \
               ca_signing \
-              ocsp_signing \
-              audit_signing \
+              ca_ocsp_signing \
+              ca_audit_signing \
               subsystem \
               sslserver
 
@@ -368,15 +368,15 @@ jobs:
       - name: Import CA OCSP signing cert into CA database
         run: |
           docker exec ca pki-server ca-cert-import \
-              --cert /certs/ocsp_signing.crt \
-              --csr /certs/ocsp_signing.csr \
+              --cert /certs/ca_ocsp_signing.crt \
+              --csr /certs/ca_ocsp_signing.csr \
               --profile /usr/share/pki/ca/conf/caOCSPCert.profile
 
       - name: Import CA audit signing cert into CA database
         run: |
           docker exec ca pki-server ca-cert-import \
-              --cert /certs/audit_signing.crt \
-              --csr /certs/audit_signing.csr \
+              --cert /certs/ca_audit_signing.crt \
+              --csr /certs/ca_audit_signing.csr \
               --profile /usr/share/pki/ca/conf/caAuditSigningCert.profile
 
       - name: Import subsystem cert into CA database

.github/workflows/ca-container-existing-config-test.yml

@@ -129,7 +129,7 @@ jobs:
               $SHARED/certs/ca_signing.csr
           docker exec pki cp \
               /var/lib/pki/pki-tomcat/conf/certs/ca_ocsp_signing.csr \
-              $SHARED/certs/ocsp_signing.csr
+              $SHARED/certs/ca_ocsp_signing.csr
           docker exec pki cp \
               /var/lib/pki/pki-tomcat/conf/certs/ca_audit_signing.csr \
               $SHARED/certs/audit_signing.csr