3 files changed, 13 insertions, 6 deletions

diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 9a42d8e01..7a460940b 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -423,6 +423,10 @@ class CAInstance(DogtagInstance):
                           configure_lightweight_ca_acls)
                 self.step("Ensure lightweight CAs container exists",
                           ensure_lightweight_cas_container)
+                if self.clone and not promote:
+                    self.step(
+                        "Ensuring backward compatibility",
+                        self.__dogtag10_migration)
                 self.step("configure certificate renewals", self.configure_renewal)
                 self.step("configure Server-Cert certificate renewal", self.track_servercert)
                 self.step("Configure HTTP to proxy connections",
@@ -1276,6 +1280,15 @@ class CAInstance(DogtagInstance):
             root_logger.warning(
                 "Did not find any lightweight CAs; nothing to track")
 
+    def __dogtag10_migration(self):
+        ld = ldapupdate.LDAPUpdate(ldapi=True, sub_dict={
+            'SUFFIX': api.env.basedn,
+            'FQDN': self.fqdn,
+        })
+        ld.update([os.path.join(paths.UPDATES_DIR,
+                                '50-dogtag10-migration.update')]
+                  )
+
 
 def replica_ca_install_check(config, promote):
     if promote:
diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py
index 60d38dc88..b510ec20a 100644
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@@ -854,9 +854,6 @@ def install(installer):
     service.print_msg("Restarting the KDC")
     krb.restart()
 
-    if setup_ca:
-        services.knownservices['pki_tomcatd'].restart('pki-tomcat')
-
     if options.setup_dns:
         dns.install(False, False, options)
     else:
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index fb7188913..21bcd8691 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -935,9 +935,6 @@ def install(installer):
     service.print_msg("Restarting the KDC")
     krb.restart()
 
-    if config.setup_ca:
-        services.knownservices['pki_tomcatd'].restart('pki-tomcat')
-
     if options.setup_dns:
         dns.install(False, True, options)
     else: