Hi All,
We are doing a PoC of FreeIPA using a Sub CA issued by ms-ca as the CA for FreeIPA. One of the test cases laid out by our security team is that we need to be able to issue Sub CA certs for each FreeIPA replica so that we are able to revoke one of the Sub
CAs and still have a functioning FreeIPA stack. However I haven't been able to find a way to have an issued Sub CA cert per replica server, or how to have a FreeIPA replica register that its Sub CA cert has been revoked.
Is it possible to do these? If so, could I please be pointed to the appropriate doco?
Cheers,
Chris