When issuing certificates in the RA Web there is a multi-step process internally that does addUser then createCertificate. If addUser fails, it will try to clean up and delete the old user. The cleanup can clean up existing users as well, deleting them, which is not good.
- Have an end entity profile and certificate profile that lets you issue a certificate directly by "Make new request" in the RA Web, i.e. no approvals are needed.
- add an end entity in the admin GUI
- Go to RA web and "make new request", fill in the fields and use the same username as in the admin GUI also in the RA web.
- Click "download PEM"
- an error ẃill occur "USER_ALREADY_EXISTS"
- check in the admin GUI now, the user has been deleted