Description of problem:
Signing a subordinate CA's CSR in IdM is difficult and requires tinkering. This functionality should be built in and present with the product. Please bundle a subordinate CA profile like the one described in the following links  into ipa/IdM.
Version-Release number of selected component (if applicable):
Please read my comments on this RFE in my blog post:
The the reasons outlined there I'm inclined to close this WONTFIX,
but would like additional opinions (including CEE's).
Closing as WONTFIX according to comment 2. If you disagree, please provide arguments for another action.