On Mon, 09 May 2016, Andy Thompson wrote:
Is freeipa in RHEL7.2 able to be used as an organizational CA these days? I have a requirement to set one up and like the IPA interface and tools, but can't sort out the current state in 4.2 to decipher whether this is possible, or even reasonable to try. I need to setup an org sub CA with an offline root CA
Sub-CA support is coming in FreeIPA 4.4, hopefully. Current code in RHEL 7.2 does not support sub-CA functionality.
The dogtag pki-ca in 7.2 appears to be missing some pieces, none of the management themes seem to be available and the console utilities are hit and miss, so I'm looking at this possibility. Seems like overkill but thought I'd toss the idea around.
I think RHCS is a separate product with support on top of RHEL 7. Check with your Red Hat representatives. -- / Alexander Bokovoy -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project