When you come across the error "LDAP Error: Connect error: TLS error -8054:You are attempting to import a cert with the same issuer" while enrolling a client to a FreeIPA/IDM server, it means that the existing certificate on the client does not match the one on the IDM server. It can be fixed quite easily with just one command. This can happen when the client was previously enrolled to a different IDM server and the old cert is still lying around.
Rename the old cert with this one command and the problem is solved:
# mv /etc/ipa/ca.crt /etc/ipa/ca.crt.old
Re-run "ipa-client-install" and you should be good to go:
# ipa-client-install --enable-dns-updates --mkhomedir
[root@cacti ~]# ipa-client-install --enable-dns-updates --mkhomedir
Discovery was successful!
Hostname: cacti.dev.local
Realm: DEV.LOCAL
DNS Domain: dev.local
IPA Server: idm.dev.local
BaseDN: dc=dev,dc=local
Continue to configure the system with these values? [no]: yes
User authorized to enroll computers: farooq.ahmed
Synchronizing time with KDC...
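An added example, not part of the original post: a shell helper that confirms the leftover /etc/ipa/ca.crt really differs from the new server's CA before renaming it, instead of moving it blindly. The function names are hypothetical, and it assumes openssl is installed and that you hold a copy of the new IDM server's CA certificate obtained over a trusted path.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes openssl is installed and
# that NEW is a copy of the new IDM server's CA cert obtained over a trusted path.

# SHA-256 fingerprint of a PEM certificate (empty if the file cannot be parsed).
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Issuer and serial on one line; together they identify a cert within one CA.
cert_issuer_serial() {
    openssl x509 -in "$1" -noout -issuer -serial 2>/dev/null | tr '\n' '|'
}

# compare_ca OLD NEW -> prints same | conflict | different, returns 2 on parse error.
#   conflict = same issuer and serial but a different certificate (the -8054 case)
compare_ca() {
    fp_old=$(cert_fingerprint "$1")
    fp_new=$(cert_fingerprint "$2")
    if [ -z "$fp_old" ] || [ -z "$fp_new" ]; then
        echo "cannot parse certificate" >&2
        return 2
    fi
    if [ "$fp_old" = "$fp_new" ]; then
        echo same
    elif [ "$(cert_issuer_serial "$1")" = "$(cert_issuer_serial "$2")" ]; then
        echo conflict
    else
        echo different
    fi
}

# retire_stale_ca OLD NEW: move OLD aside unless it already matches NEW.
# A timestamp suffix is used here so an earlier backup is never overwritten.
retire_stale_ca() {
    [ -f "$1" ] || { echo "no CA file at $1, nothing to do"; return 0; }
    verdict=$(compare_ca "$1" "$2") || return 2
    if [ "$verdict" = same ]; then
        echo "CA already matches the server, leaving $1 in place"
    else
        mv "$1" "$1.old.$(date +%Y%m%d%H%M%S)" && echo "$verdict: moved $1 aside"
    fi
}
```

Call it as `retire_stale_ca /etc/ipa/ca.crt /path/to/new-server-ca.crt` (the second path is a placeholder), then re-run ipa-client-install as shown above.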
All done and you should be good to go. If you have any issues, please contact us or leave a comment.