To create the cacert during ipa-server-install we create a temporary certificate request tempcertreq in the current directory. This may fail if the current directory is not writable, the temp cert should be created in a safe directory like /var/lib/ipa where we known we have write access
It doesn't write in the current directory but in the directory that the certificate database is being created in.
Created attachment 314360 [details] Use temporary directory for storing files needed during cert request
master: 548c169c5ac1f16e75838d897cccafce61b21dc0
Created attachment 326145 [details] change to out tempdir before calling certutil
master: ed61f0bf3417ce4c360d7bd366d2f65b39d2755f