Hi all,
I was discussing an issue with @ftweedal and I will continue asking some
questions here.
I have installed FreeIPA with an additional Replica Server, but to me some
concepts are not so clear.
Let's talk about my setup:
Goal: Replace Active Directory Auth on DMZ Network.
Provide SSL Certs for Servers/Services
If possible, Management for MIME/S Certificates (Mail Signing)
Setup:
Servers (Total: 3 VMs)
ipa1/ipa2: FreeIPA Server and Replica
pki1: Datadog installation (external CA for ipa1/ipa2).
I know, FreeIPA includes Datadog (and that makes the certificate management
possible), but I needed a Datadog Service to create the external CA for
ipa1/ipa2.
Now I have some questions:
- Was the Datadog installation "too much"? Was it probably better to just create a CA
manually with OpenSSL and import it on ipa1/ipa2?
- Should I use FreeIPA as the sub-CA for all Servers/Services and leave
Datadog as the main CA? Do I have an advantage using this setup?
Thanks in advance!
Best Regards,
Gabriel
Gabriel Stein