Currently Dogtag stores blobs for the CSRs and the actual certificates in CS.cfg. Can we double-check if they are needed or anything and if not remove them from the file.
# grep "cert=" /etc/pki/pki-tomcat/ca/CS.cfg
# grep "certreq=" /etc/pki/pki-tomcat/ca/CS.cfg
Some code in PKI currently assumes the existence of
these fields. They may well not be needed, but assumptions
like those in  will have to be weakened.
This ticket is out of scope of 4.4.0 release. Moving to 4.4.1. Note that 4.4.1 needs to be triaged, therefore not everything will be implemented.
moving out tickets not implemented in 4.4.1
4.4.2 is a stabilization milestone. If this bug is important stabilization bug then please put it to NEEDS TRIAGE milestone for retriage.
Metadata Update from @tscherf:
- Issue assigned to someone
- Issue set to the milestone: FreeIPA 4.5 backlog
to comment on this ticket.