[Freeipa-users] freeipa as organizational CA

[Alexander Bokovoy]

On Mon, 09 May 2016, Andy Thompson wrote:
>Is freeipa in RHEL7.2 able to be used as an organizational CA these
>days?  I have a requirement to set one up and like the IPA interface
>and tools, but can't sort out the current state in 4.2 to decipher
>whether this is possible, or even reasonable to try.  I need to setup
>an org sub CA with an offline root CA
Sub-CA support is coming in FreeIPA 4.4, hopefully. Current code in RHEL
7.2 does not support sub-CA functionality.

>The dogtag pki-ca in 7.2 appears to be missing some pieces, none of the
>management themes seem to be available and the console utilities are
>hit and miss, so I'm looking at this possibility.  Seems like overkill
>but thought I'd toss the idea around.
I think RHCS is a separate product with support on top of RHEL 7. Check
with your Red Hat representatives.
-- 
/ Alexander Bokovoy