Hello, I need to issue some certificates for the AD environment and I don’t have ADCS in place. So my FreeIPA deployment was with a self-signed CA and the common AD Trust enabled.
Now with this issue I’m looking at the IPA documentation and there are some recommendations to deploy IPA as a subCA of ADCS, but as I said, I don’t have it. So I was wondering if it’s possible to issue certificates for Windows machines directly from FreeIPA, and if this is recommended or not. If it’s possible but it will be a hassle, is there a way to make FreeIPA talk with ADCS after the deployment? I can set up an ADCS instance to keep Windows certificates in a separate location.

I saw this post: https://frasertweedale.github.io/blog-redhat/posts/2019-09-23-direct-integration-ipa-certs.html but I don’t think it’s the same issue here; the valuable info that I found on this site is about trusting the FreeIPA CA certificate in a Windows environment: "Operationally there is one additional step when the IPA CA is not subordinate to the AD CA: the IPA CA certificate has to be explicitly trusted."; but the use case does not seem to be on a Windows system.

Thanks for any guidance.
