To whom this may concern,

I use FreeIPA and I would like to create certificates for peer-to-peer and remote-access VPNs. In speaking with Fraser Tweedale, we agree that the best way forward is to create a secondary CA for insulation; but we may also need to create a custom certificate profile, which is non-trivial. As an end user of FreeIPA, I would like documentation on how to do this.

I use pfSense, which requires that I upload the CA cert, a server cert and its private key. The private key for the CA is optional and only required for pfSense to self-manage a CRL. On the server side I can also enforce the certificate depth; from none, to one through five.

The only existing references to VPN in the current docs are:

* http://www.freeipa.org/page/V4/Sub-CAs#VPN_authentication
* http://www.freeipa.org/page/User_certificate_use_cases

Regards,
Phil