It is failing while configuring the client parts on the server. Please attach /var/log/ipaclient-install.log as well.
Yes, the client part fails as well.
ipaclient-install-02930848.log is already attached, Comment 3
Let me know if you want it reattached.
Sorry, I loaded the BZ before all attachments had been made.
It is failing trying to add a certificate to /etc/ipa/nssdb, the shared IPA system NSS database. The certutil command-line is logged after obfuscating any possible secrets and it is failing in that obfuscation step on the upper-case eñe (unicode /xd1) in the issuer subject.
Can you provide the output of:
ldapsearch -x -D 'cn=directory manager' -W -b cn=certificates,cn=ipa,cn=etc,dc=example,dc=test
replacing the dc's with the appropriate values for your domain?