Phil Ingram <pingram...@gmail.com> writes: > I use FreeIPA and I would like to create certificates for peer-to-peer > and remote-access VPNs.
I tried to replace may manual easy-CA certificates with FreeIPA ones, but that didn't work out (but my fallback also broke). My "productive" VPN connection for now is ocserv, but I'd like to get OpenVPN running again. > In speaking with Fraser Tweedale, we agree that the best way forward > is to create a secondary CA for insulation; but we may also need to > create a custom certificate profile, which is non-trivial. As an end > user of FreeIPA, I would like documentation on how to do this. I'm happy to try something and give feedback. I think I'll have time at the end of this month to work on OpenVPN again. Jochen -- The only problem with troubleshooting is that the trouble shoots back. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project