To whom this may concern,

I use FreeIPA and I would like to create certificates for peer-to-peer and remote-access VPNs. In speaking with Fraser Tweedale, we agree that the best way forward is to create a secondary CA for insulation; but we may also need to create a custom certificate profile, which is non-trivial. As an end user of FreeIPA, I would like documentation on how to do this.

I use pfSense, which requires that I upload the CA cert, a server cert and its private key. The private key for the CA is optional and only required for pfSense to self-manage a CRL. On the server side I can also enforce the certificate depth: from none, to one through five.

The only existing references to VPN in the current docs are:




