Phil Ingram <> writes:

> I use FreeIPA and I would like to create certificates for peer-to-peer
> and remote-access VPNs.

I tried to replace may manual easy-CA certificates with FreeIPA ones,
but that didn't work out (but my fallback also broke). My "productive"
VPN connection for now is ocserv, but I'd like to get OpenVPN running

> In speaking with Fraser Tweedale, we agree that the best way forward
> is to create a secondary CA for insulation; but we may also need to
> create a custom certificate profile, which is non-trivial. As an end
> user of FreeIPA, I would like documentation on how to do this.

I'm happy to try something and give feedback.  I think I'll have time at
the end of this month to work on OpenVPN again.


The only problem with troubleshooting is that the trouble shoots back.

Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to