Currently if certmonger sends 'profile' or 'cacn' argument to
ipa cert_request method, and it fails, it may interpret as an
unrecognised argument, strip the argument and retry.
It should not retry without the argument, because this could
result in cert being issued with unexpected profile or from
wrong CA (or failing again due to the new combination being
denied by CA ACLs).
Mailing list discussion: https://email@example.com/thread/KWGVMVSZ4LTIVTYZL2NTMX3HF6ODUHRI/
Metadata Update from @ftweedal:
- Issue set to the milestone: 0.0 NEEDS_TRIAGE
to comment on this ticket.