I was discussing a issue with @ftweedal and I will continue doing some
I have installed Freeipa with an additional Replica Server, but to me some
concepts are not so clear.
Let' talk about my setup:
Goal: Replace Active Directory Auth on DMZ Network.
Provide SSL Certs for Servers/Services
If possible, Management for MIME/S Certificates(Mail Signing)
Servers(Total: 3 VMs)
ipa1/ipa2: Freeipa Server and Replica
pki1: Datadog installation(external CA for ipa1/ipa2).
I know, Freeipa includes Datadog(and that makes the certificates management
possible), but I needed a Datadog Service to create the external CA for
Now I have some questions:
- Was Datadog Installation "too much"? Probably was better just create a CA
manually with openSSL and import it on ipa1/ipa2?
- Should I use Freeipa as the sub-CA for all Servers/Services and leave
Datadog as a main CA? Do I have an advantage using this setup?
Thanks in Advance!
FreeIPA-users mailing list -- email@example.com
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org