Hi All,

We are doing a PoC of FreeIPA using a Sub CA issued by ms-ca as the CA for FreeIPA. One of the test cases laid out by our security team is that we need to be able to issue Sub CA certs for each FreeIPA replica so that we are able to revoke one of the Sub CAs and still have a functioning FreeIPA stack. However I haven't been able to find a way to have an issued Sub CA cert per replica server, or how to have a FreeIPA replica register that its Sub CA cert has been revoked.

Is it possible to do these? If so, could I please be pointed to the appropriate doco?

Cheers,

Chris

Christopher Lord
Systems Engineer
T	+61 2 9994 8587
E	christopher.lord@mnfgroup.limited	mnfgroup.limited

This communication is intended only for the person to whom it is addressed and may contain confidential material. If you received this communication in error, please inform the sender immediately and delete all copies. Please think of the environment before printing this email.