[Freeipa-devel] [freeipa] #3668: CA-less install fails when intermediate CA is used
Jan Pazdziora
jpazdziora at redhat.com
Wed Jun 12 08:06:20 UTC 2013
On Fri, Jun 07, 2013 at 09:23:48AM -0400, Dmitri Pal wrote:
> >
> > The problem is that if you pass IPA certificates issued by CA2 and
> > point it to CA1 at the same time, it does not work (despite having the
> > complete trust chain).
>
> But why would you do so? What would be the reason and business case? Why
> not to point to CA2?
Could the business case be an IPA server in DMZ which does not have
access to CA2 but it can get to (public) CA1?
--
Jan Pazdziora | adelton at #ipa*, #brno
Principal Software Engineer, Identity Management Engineering, Red Hat
More information about the Freeipa-devel
mailing list