To create the cacert during ipa-server-install we create a temporary certificate request tempcertreq in the current directory.
This may fail if the current directory is not writable, the temp cert should be created in a safe directory like /var/lib/ipa where we known we have write access
It doesn't write in the current directory but in the directory that the certificate database is being created in.
Created attachment 314360 [details]
Use temporary directory for storing files needed during cert request
Created attachment 326145 [details]
change to out tempdir before calling certutil