diff --git a/roles/ipatuura/files/local-ipatuura.te b/roles/ipatuura/files/local-ipatuura.te
index 0e084f89c7..6ae80a14ff 100644
--- a/roles/ipatuura/files/local-ipatuura.te
+++ b/roles/ipatuura/files/local-ipatuura.te
@@ -1,18 +1,21 @@
-module local-ipatuura 1.0;
+module local-ipatuura 1.1;
 
 require {
 type httpd_t;
 type sssd_conf_t;
 type realmd_var_lib_t;
 type systemd_logind_t;
-class file { read write };
+type certmonger_t;
+class file { open read unlink write };
 class dbus send_msg;
 }
 
 #============= httpd_t ==============
-allow httpd_t sssd_conf_t:file read;
+allow httpd_t sssd_conf_t:file { read open };
 # Write to /var/lib/ipa-client
 allow httpd_t realmd_var_lib_t:file write;
 # Send messages on DBUS
 allow httpd_t systemd_logind_t:dbus send_msg;
-
+allow httpd_t certmonger_t:dbus send_msg;
+# Remove files in /etc/ipa/nssdb on uninstall
+allow httpd_t cert_t:file unlink;
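Review bot: The new `allow httpd_t cert_t:file unlink;` rule at the end of the hunk references `cert_t`, but the `require { }` block only adds `type certmonger_t;`, so `cert_t` is out of scope and the module will fail to compile; add `type cert_t;` next to the new `type certmonger_t;`. Unlinking a file also needs `remove_name` (and `write`) on its parent directory, so unless that is granted elsewhere the uninstall path will still be denied — likely `class dir { remove_name write };` in the require block plus `allow httpd_t cert_t:dir { remove_name write };`, which should be confirmed against the actual AVC denials from an uninstall run. Note that `cert_t` is not specific to /etc/ipa/nssdb: this grants the web server unlink on every cert_t-labelled file on the host, so the comment `# Remove files in /etc/ipa/nssdb on uninstall` understates the scope and a note such as `# NOTE: cert_t covers all certificate files, not only /etc/ipa/nssdb` would help a future reviewer judge the trade-off. Separately, sssd_conf_t gains `open` while the realmd_var_lib_t `write` rule does not; if that asymmetry is deliberate, a one-line comment saying why would avoid a follow-up guess.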