On Fri, Jun 07, 2013 at 09:23:48AM -0400, Dmitri Pal wrote:
> > The problem is that if you pass IPA certificates issued by CA2 and
> > point it to CA1 at the same time, it does not work (despite having the
> > complete trust chain).
> But why would you do so? What would be the reason and business case? Why
> not to point to CA2?
Could the business case be an IPA server in DMZ which does not have
access to CA2 but it can get to (public) CA1?
Jan Pazdziora | adelton at #ipa*, #brno
Principal Software Engineer, Identity Management Engineering, Red Hat
Freeipa-devel mailing list