In X509CAImpl there is a bit of code that, if CT is enabled,
1. submits a pre-certificate with a poison extension
2. fetches SCTs using the CertificateTransparency interface (CertificateTransparencyImpl class).
2. generates a certificate with the retrieved SCTs.
We should add a test in X509CAUnitTest, with a mocked CertificateTransparency implementation, that tests these steps.