Thanks for your reply. To geht this right: Your said, by using an external ca or importing
additional external CAs to FreeIPA keys won't be imported to FreeIPA. So that means
when using such a setup FreeIPA is not intended to issue own certificates to clients?