Alexander Petrenz via FreeIPA-users wrote: > Thanks for your reply. To geht this right: Your said, by using an external ca > or importing additional external CAs to FreeIPA keys won't be imported to > FreeIPA. So that means when using such a setup FreeIPA is not intended to > issue own certificates to clients?
I can't quite parse your question. Think of IPA as its own sub-CA. You'd sign it using your existing CA (or one of the sub-CA's). There is no way to import your sub-CA private keys into IPA to be used for signing. IPA can issue certs for services, hosts and users. rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org