Steven Jones wrote:

Sorry but I get confused with all the terms, I think its simpler, I dont do 
certs nad have not as far as I know installed a CA.  Except those for things 
like port 443 connections or winsync connections...which are just internal?

No worries, I'm just trying to avoid giving bad advice.

A CA is not optional with IPA. We use it to secure the XML-RPC interface and initial replication agreements. You may not need additional cert capabilities right now but the base IPA install does.

It won't be pleasant if you lose the ability to issue certificates. It may be worthwhile running through the steps in a test set up to be sure things work as outlined.


Freeipa-users mailing list

Reply via email to