[Freeipa-users] freeipa as organizational CA

Andy Thompson Andy.Thompson at e-tcc.com
Mon May 9 20:31:32 UTC 2016


> -----Original Message-----
> From: Alexander Bokovoy [mailto:abokovoy at redhat.com]
> Sent: Monday, May 9, 2016 3:23 PM
> To: Andy Thompson <Andy.Thompson at e-tcc.com>
> Cc: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] freeipa as organizational CA
> 
> On Mon, 09 May 2016, Andy Thompson wrote:
> >Is freeipa in RHEL7.2 able to be used as an organizational CA these
> >days?  I have a requirement to set one up and like the IPA interface
> >and tools, but can't sort out the current state in 4.2 to decipher
> >whether this is possible, or even reasonable to try.  I need to set up
> >an org sub CA with an offline root CA.
> Sub-CA support is coming in FreeIPA 4.4, hopefully. Current code in RHEL
> 7.2 does not support sub-CA functionality.
> 

If I can get an exclusion for the sub-CA bits, can that be added at a later time and just run with a root CA for now?  Can it perform all of the needs of an org CA outside of an IPA environment?

> >The dogtag pki-ca in 7.2 appears to be missing some pieces, none of the
> >management themes seem to be available and the console utilities are
> >hit and miss, so I'm looking at this possibility.  Seems like overkill
> >but thought I'd toss the idea around.
> I think RHCS is a separate product with support on top of RHEL 7. Check with
> your Red Hat representatives.
> --

It is a separate product, but our contract doesn't cover it, so I am pursuing other options.

-andy



