On 3/20/20 12:32 PM, Alex P via FreeIPA-users wrote:
I continued setting this up. From the externally signed ipa root CA I was
trying to create
a nested structure of additional CAs. However this doesn't seem to be
supported. Is
that correct? Here is similar of what I tried:
Root (externally si
> I continued setting this up. From the externally signed ipa root CA I was
> trying to create
> a nested structure of additional CAs. However this doesn't seem to be
> supported. Is
> that correct? Here is similar of what I tried:
>
> Root (externally signed)
> | - external CA
> | - se
I continued setting this up. From the externally signed ipa root CA I was
trying to create a nested structure of additional CAs. However this doesn't
seem to be supported. Is that correct? Here is similar of what I tried:
Root (externally signed)
| - external CA
| - servers CA
That's exactly what I meant. Thanks for the clarification!
Alex
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedorap
Alexander Petrenz via FreeIPA-users wrote:
> Thanks for your reply. To geht this right: Your said, by using an external ca
> or importing additional external CAs to FreeIPA keys won't be imported to
> FreeIPA. So that means when using such a setup FreeIPA is not intended to
> issue own certifica
Sorry I guess I got confused on this. There would be still the key of the
FreeIPA internal CA Certificate which was signed by the external CA and this
can be used for issuing certificates. However as far as I understood, there can
only be one externally signed CA certificate - the one handled du
Thanks for your reply. To geht this right: Your said, by using an external ca
or importing additional external CAs to FreeIPA keys won't be imported to
FreeIPA. So that means when using such a setup FreeIPA is not intended to issue
own certificates to clients?
___
On 3/11/20 5:01 PM, Alexander Petrenz via FreeIPA-users wrote:
Hi,
I'm new to FreeIPA and I have a conceptual question.
I have an existing PKI-Infrastructure with one root CA and three derived
Sub-CAs.
Now I want to change the PKI-Management to FreeIPA without replacing the
already existing Su