Add a --copy' option to certprofile-import, or a separate commandcertprofile-copy',
to make a copy of an existing profile.

An `--output' option (#5091) will make it possible for users to accomplish this, with
additional steps, so this is somewhat less important.

It's very difficult for users to make any sense of profile configuration files. Users need to copy the certificate profiles from /var/lib/pki/pki-tomcatd/ca/profile/ca

Instead it would be nice if there is a option called --template:
ipa certprofile-import --desc="Manual User Dual-Use Certificate Enrollment" --template=user --store=False

ftweedal: Yes, the profile configuration is awful - there are long term plans for a friendlier "profile builder" feature but that will not help current users.

--template concept is feasible, but there is not actually any templating - perhaps --copy <existing-profile-id> argument or even separate command certprofile-copy is clearer?

Niranjan: okay looks good to me.