On Fri, Jun 07, 2013 at 09:23:48AM -0400, Dmitri Pal wrote:
> >
> > The problem is that if you pass IPA certificates issued by CA2 and
> > point it to CA1 at the same time, it does not work (despite having the
> > complete trust chain).
> 
> But why would you do so? What would be the reason and business case? Why
> not to point to CA2?

Could the business case be an IPA server in DMZ which does not have
access to CA2 but it can get to (public) CA1?

-- 
Jan Pazdziora | adelton at #ipa*, #brno
Principal Software Engineer, Identity Management Engineering, Red Hat

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to