Re: [Freeipa-devel] [freeipa] #3668: CA-less install fails when intermediate CA is used

Rob Crittenden Fri, 14 Jun 2013 12:44:41 -0700

Rob Crittenden wrote:

Jan Pazdziora wrote:

On Fri, Jun 07, 2013 at 09:23:48AM -0400, Dmitri Pal wrote:


The problem is that if you pass IPA certificates issued by CA2 and
point it to CA1 at the same time, it does not work (despite having the
complete trust chain).


But why would you do so? What would be the reason and business case? Why
not to point to CA2?


Could the business case be an IPA server in DMZ which does not have
access to CA2 but it can get to (public) CA1?


A client does need to be able to contact a CA in order to trust it.

Of course I meant that a client does NOT need to contact a CA. It justneeds the CA cert.


rob

_______________________________________________
Freeipa-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [freeipa] #3668: CA-less install fails when intermediate CA is used

Reply via email to