Hi everyone,
We have a small-ish RHEL 7 IdM (4.6.8) domain that is currently running with a self-signed root CA. All is well and good, except we've been told that we have to play nice with the rest of the organization now, which includes changing the self-signed root CA in to an intermediate CA. I remember a discussion on here about converting an IdM root CA in to an intermediate CA, but for the life of me I can't find the discussion or any related documentation. (Was I hallucinating?) So: * Is what I'm talking about even possible? * If it is possible, is there some documentation somewhere where I can read up on the process and potential risks? * If it isn't possible, short of creating a new domain[1] and moving all of the clients to it, what might work here? [1] - I'm not against this, however, we have several replica IdM servers at remote sites that are on the other end of low-bandwidth high-latency satellite links. Having the various IdM servers talk amongst themselves for regular domain updates hasn't been a problem. We've never been able to create a new replica at our remote sites though. Thank you all for your time, Chad -- Chad Schrock, he/him Supporting MIT Lincoln Laboratory, Lexington, MA
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
