Included certificate profiles and CA ACLs were not added during replica installation. As a consequence, certificate issuance failed on Red Hat Enterprise Linux 7.2 IdM replicas created from IdM masters prior to 7.2. Now, certificate profiles and CA ACLs are in place. Additionally, the default CA ACL cannot be deleted. As a result, certificate profiles and CA ACLs are now added if missing when installing a replica regardless of the version of the IdM master. The default CA ACL, hosts_services_caIPAserviceCert, can no longer be deleted, only disabled.