Hi all,

I was discussing an issue with @ftweedal and I will continue asking some
questions here.

I have installed FreeIPA with an additional replica server, but some
concepts are not so clear to me.

Let's talk about my setup:

Goal: Replace Active Directory auth on the DMZ network.
      Provide SSL certs for servers/services.
      If possible, management for S/MIME certificates (mail signing).


Servers (total: 3 VMs)
ipa1/ipa2: FreeIPA server and replica
pki1: Datadog installation (external CA for ipa1/ipa2).

I know FreeIPA includes Datadog (and that makes the certificate management
possible), but I needed a Datadog service to create the external CA for

Now I have some questions:

- Was the Datadog installation "too much"? Would it have been better to just
create a CA manually with OpenSSL and import it on ipa1/ipa2?
- Should I use FreeIPA as the sub-CA for all servers/services and leave
Datadog as the main CA? Is there an advantage to using this setup?

Thanks in advance!

Best Regards,


Gabriel Stein
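As an added example (not part of Gabriel's post, and not FreeIPA's own tooling), here is the "create a CA manually with OpenSSL" option from the first question, done so that the FreeIPA CA ends up as a subordinate of an offline OpenSSL root rather than as its own root. It assumes openssl is on PATH and that `ipa-server-install --external-ca` has already produced the CA CSR on ipa1 (FreeIPA writes it to /root/ipa.csr); because that file is not available here, `make_demo_csr` builds a constructed stand-in with the same kind of subject. The organisation names, the `Example Offline Root CA` name and the directory layout are invented for the example.

```shell
#!/bin/sh
# Added example, not code from the original post or from FreeIPA itself.
# Builds an offline root CA with OpenSSL and uses it to sign the CSR that
# "ipa-server-install --external-ca" writes (/root/ipa.csr on ipa1), so the
# IPA CA becomes a subordinate CA. Assumes: openssl on PATH. The CSR made by
# make_demo_csr is a constructed stand-in for the real /root/ipa.csr.
set -eu

# make_root_ca DIR : self-signed root (CA:TRUE, keyCertSign) in DIR/root.{key,crt}
make_root_ca() {
    dir="$1"
    mkdir -p "$dir"
    cat > "$dir/root.cnf" <<'EOF'
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3_ca
[dn]
O = Example Org
CN = Example Offline Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
    openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config "$dir/root.cnf" -keyout "$dir/root.key" -out "$dir/root.crt" \
        >/dev/null 2>&1
}

# make_demo_csr DIR : constructed stand-in for /root/ipa.csr (the real one is
# produced by ipa-server-install --external-ca, subject CN=Certificate Authority)
make_demo_csr() {
    dir="$1"
    cat > "$dir/csr.cnf" <<'EOF'
[req]
prompt = no
distinguished_name = dn
[dn]
O = EXAMPLE.TEST
CN = Certificate Authority
EOF
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -config "$dir/csr.cnf" -keyout "$dir/ipa.key" -out "$dir/ipa.csr" \
        >/dev/null 2>&1
}

# sign_sub_ca DIR CSR OUT : sign CSR as a subordinate CA. pathlen:0 means the
# IPA CA may issue end-entity certs only, never a further sub-CA.
sign_sub_ca() {
    dir="$1"; csr="$2"; out="$3"
    cat > "$dir/subca.ext" <<'EOF'
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
EOF
    openssl x509 -req -in "$csr" -CA "$dir/root.crt" -CAkey "$dir/root.key" \
        -CAcreateserial -days 1825 -sha256 -extfile "$dir/subca.ext" -out "$out" \
        >/dev/null 2>&1
}

# is_ca_cert CERT : returns 0 if CERT carries basicConstraints CA:TRUE
is_ca_cert() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'
}

# verify_chain DIR CERT : returns 0 if CERT verifies against DIR/root.crt
verify_chain() {
    openssl verify -CAfile "$1/root.crt" "$2" >/dev/null 2>&1
}

# Stand-alone run: build the root, sign the demo CSR, check the result.
# On ipa1 the real flow then finishes with the signed cert plus root:
#   ipa-server-install --external-cert-file=/root/ipa-ca.crt \
#                      --external-cert-file=/root/root.crt
demo() {
    d=$(mktemp -d)
    make_root_ca "$d"
    make_demo_csr "$d"
    sign_sub_ca "$d" "$d/ipa.csr" "$d/ipa-ca.crt"
    is_ca_cert "$d/ipa-ca.crt" && verify_chain "$d" "$d/ipa-ca.crt" \
        && echo "sub-CA chain OK in $d"
}
demo
```

The point of the pathlen:0 constraint is that a compromised IPA CA key cannot be used to mint another CA that chains to the root; keep root.key offline on pki1 (or on removable media) and only ever move the CSR and the signed certificate between the machines.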
