diff --git a/SOURCES/0001-Bug-1992337-Double-issuance-of-non-CA-subsystem-cert.patch b/SOURCES/0001-Bug-1992337-Double-issuance-of-non-CA-subsystem-cert.patch
new file mode 100644
index 0000000..f0ec3e0
--- /dev/null
+++ b/SOURCES/0001-Bug-1992337-Double-issuance-of-non-CA-subsystem-cert.patch
@@ -0,0 +1,30 @@
+From 63cf2895f5d5a37bb09f3e889b8584b0bb0dce06 Mon Sep 17 00:00:00 2001
+From: Christina Fu <cfu@redhat.com>
+Date: Wed, 11 Aug 2021 09:19:59 -0700
+Subject: [PATCH] Bug 1992337 - Double issuance of non-CA subsystem certs at
+ installation
+
+This patch removes an extra  profile.submit() call that was accidentally left
+off during manual cherry-picking of another bug (1905374):
+commit 8e78a2b912e7c3bd015e4da1f1630d0f35145104 (HEAD -> DOGTAG_10_5_BRANCH, origin/DOGTAG_10_5_BRANCH)
+
+fixes https://bugzilla.redhat.com/show_bug.cgi?id=1905374
+---
+ .../main/java/com/netscape/cms/servlet/cert/CertProcessor.java   | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/base/ca/src/main/java/com/netscape/cms/servlet/cert/CertProcessor.java b/base/ca/src/main/java/com/netscape/cms/servlet/cert/CertProcessor.java
+index a5626d032..849d6b368 100644
+--- a/base/ca/src/main/java/com/netscape/cms/servlet/cert/CertProcessor.java
++++ b/base/ca/src/main/java/com/netscape/cms/servlet/cert/CertProcessor.java
+@@ -250,7 +250,6 @@ public class CertProcessor extends CAProcessor {
+ 
+                 logger.info("CertProcessor: Submitting certificate request to " + profile.getId() + " profile");
+ 
+-                profile.submit(authToken, req);
+                 profile.submit(authToken, req, explicitApprovalRequired);
+ 
+                 req.setRequestStatus(RequestStatus.COMPLETE);
+-- 
+2.31.1
+
diff --git a/SPECS/pki-core.spec b/SPECS/pki-core.spec
index 680e3b6..0664616 100644
--- a/SPECS/pki-core.spec
+++ b/SPECS/pki-core.spec
@@ -13,7 +13,7 @@ License:          GPLv2 and LGPLv2
 # For development (i.e. unsupported) releases, use x.y.z-0.n.<phase>.
 # For official (i.e. supported) releases, use x.y.z-r where r >=1.
 Version:          10.11.0
-Release:          1%{?_timestamp}%{?_commit_id}%{?dist}
+Release:          2%{?_timestamp}%{?_commit_id}%{?dist}
 #global           _phase -alpha1
 
 # To create a tarball from a version tag:
@@ -30,6 +30,7 @@ Source: https://github.com/dogtagpki/pki/archive/v%{version}%{?_phase}/pki-%{ver
 #     <version tag> \
 #     > pki-VERSION-RELEASE.patch
 # Patch: pki-VERSION-RELEASE.patch
+Patch1: 0001-Bug-1992337-Double-issuance-of-non-CA-subsystem-cert.patch
 
 # md2man isn't available on i686. Additionally, we aren't generally multi-lib
 # compatible (https://fedoraproject.org/wiki/Packaging:Java)
@@ -1361,6 +1362,9 @@ fi
 
 ################################################################################
 %changelog
+* Thu Aug 12 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 10.11.0-2
+- Bug 1992337 - Double issuance of non-CA subsystem certs at installation
+
 * Mon Jul 26 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 10.11.0-1
 - Rebase to PKI 10.11.0