[Freeipa-devel] Multiple CA certificates in LDAP, questions
Jan Cholasta
jcholast at redhat.com
Mon Sep 9 09:17:02 UTC 2013
Another question:
Should each IPA service (LDAP, HTTP, PKINIT) have its own distinctive
set of trusted CAs, or is using one set for everything good enough?
Using distinctive sets would allow granular control over what CA is
trusted for what service (e.g. trust CA1 to issue certificates for LDAP
and HTTP, but trust CA2 only to issue certificates for HTTP), but I'm
not sure how useful that would be in the real world.
Honza
--
Jan Cholasta
More information about the Freeipa-devel
mailing list