Hi All,
We are doing a PoC of FreeIPA using a Sub CA issued by ms-ca as the CA for FreeIPA. One of
the test cases laid out by our security team is that we need to be able to issue Sub CA
certs for each FreeIPA replica so that we are able to revoke one of the Sub CAs and still
have a functioning FreeIPA stack. However I haven't been able to find a way to have an
issued Sub CA cert per replica server, or how to have a FreeIPA replica register that its
Sub CA cert has been revoked.
Is it possible to do these? If so, could I please be pointed to the appropriate doco?
Cheers,
Chris
Christopher Lord
Systems Engineer
[cid:image356452.PNG@9ba4e46c.4b878abf]<http://>
T +61 2 9994 8587
E christopher.lord(a)mnfgroup.limited
mnfgroup.limited<https://mnfgroup.limited>
[cid:imagecc7394.JPG@0d852b9a.4ca00984]<http://>
This communication is intended only for the person to whom it is addressed and may contain
confidential material. If you received this communication in error, please inform the
sender immediately and delete all copies. Please think of the environment before printing
this email.