After doing server and client install on the same machine the CA cert installed in several NSS databases, but the nickname used to refer to the cert is different, they should for consistency and ease of use be referred to by the same name. /etc/httpd/alias: "CA certificate" /etc/pki/nssdb: "IPA CA" /etc/dirsrv/slapd-<ipa_instance>: "CA certificate" I would suggest the name "IPA CA" is preferred as it clearly identifies which CA it is.
Added as trac task https://fedorahosted.org/freeipa/ticket/181
Fixed in 3703062ab25a7817581eefa2f89214e8a6244bee.