We recently had an issue where we had to wipe the Profile Manager database and OD certificates were subsequently also having a problem. After recreating the OD CA, we could not get the code signing certificate to return. This is an effective way to correct the issue. Now PM is able to manage devices and the code signing certificate can be used:
1) Delete the OD CA and intermediate CA certificates and private keys from System.keychain.
2) In Terminal.app, delete all of the subfolders in /var/root/Library/Application Support/Certificate Authority/
3) Run the command
sudo slapconfig -createrootcertauthority <Certificate Authority Name> \
<Certificate Authority Admin Email> <Certificate Authority Organization Name>
That should reset the OD CA certificate architecture.