On Wed, May 11, 2016 at 12:06:39PM +, Andy Thompson wrote:
> > Andy, you can install FreeIPA as a sub-CA of your offline root.
> > Support for creating sub-CAs *within* FreeIPA, under the "main"
> > FreeIPA CA (which in your case is a sub-CA of your offline root), is not yet
> > available but I
- Original Message -
> > >
> > >If I can get an exclusion for the sub-CA bits, can that be added at a
> > >later time and just run with a root CA for now? Can it perform all of
> > >the needs of an org CA outside of an IPA environment?
> > Not through the IPA interfaces but standard Dogt
> Andy, you can install FreeIPA as a sub-CA of your offline root.
> Support for creating sub-CAs *within* FreeIPA, under the "main"
> FreeIPA CA (which in your case is a sub-CA of your offline root), is not yet
> available but I am working on that. But if you only need one CA as a sub-CA
> of an o
> >
> >If I can get an exclusion for the sub-CA bits, can that be added at a
> >later time and just run with a root CA for now? Can it perform all of
> >the needs of an org CA outside of an IPA environment?
> Not through the IPA interfaces but standard Dogtag is there, with its (albeit
> a
> bit
On Mon, May 09, 2016 at 10:23:07PM +0300, Alexander Bokovoy wrote:
> On Mon, 09 May 2016, Andy Thompson wrote:
> >Is freeipa in RHEL7.2 able to be used as an organizational CA these
> >days? I have a requirement to set one up and like the IPA interface
> >and tools, but can't sort out the current
On Mon, 09 May 2016, Andy Thompson wrote:
-Original Message-
From: Alexander Bokovoy [mailto:aboko...@redhat.com]
Sent: Monday, May 9, 2016 3:23 PM
To: Andy Thompson
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] freeipa as organizational CA
On Mon, 09 May 2016, Andy
> -Original Message-
> From: Alexander Bokovoy [mailto:aboko...@redhat.com]
> Sent: Monday, May 9, 2016 3:23 PM
> To: Andy Thompson
> Cc: freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] freeipa as organizational CA
>
> On Mon, 09 May 2016, Andy Thompson
On Mon, 09 May 2016, Andy Thompson wrote:
Is freeipa in RHEL7.2 able to be used as an organizational CA these
days? I have a requirement to set one up and like the IPA interface
and tools, but can't sort out the current state in 4.2 to decipher
whether this is possible, or even reasonable to try