Hi, I'm new to FreeIPA and I have a conceptual question. I have an existing PKI-Infrastructure with one root CA and three derived Sub-CAs. Now I want to change the PKI-Management to FreeIPA without replacing the already existing Sub-CAs.
My first question is: Is it possible to have more then one external CAs (by the installation with "external-ca") in FreeIPA? The goal is to import the three existing external Sub-CAs with their keys in FreeIPA. I have found various sources from around 2015 that such a feature will be implemented later but I didn't found any information if it is implemented yet - or not. Furthermore I don't want to import the root CA with its key into FreeIPA. As far I understood this would be a security benefit if the ipa server would be compromised. If that idea is wrong, I would be happy to get some advice on this. Thanks Alexander _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
