To whom this may concern,
I use FreeIPA and I would like to create certificates for peer-to-peer and remote-access VPNs. In speaking with Fraser Tweedale, we agree that the best way forward is to create a secondary CA for insulation; but we may also need to create a custom certificate profile, which is non-trivial. As an end user of FreeIPA, I would like documentation on how to do this.
I use pfSense, which requires that I upload the CA cert, a server
cert and its private key. The private key for the CA is optional
and only required for pfSense to self-manage a CRL. On the server
side I can also enforce the certificate depth; from none, to one
The only existing references to VPN in the current docs are: