On 2025-11-14, Christopher Sean Hilton <[email protected]> wrote:
> 3. As a side question, has anyone successfully integrated the OpenBSD iked
> PKI into their own corporate PKI?

you can certainly use certs generated from methods other than "ikectl ca". it is rather awkward to find the right place for everything if there's an intermediate cert rather than signed directly by the ca but that should also be possible these days if needed. (i can't answer the dstid question, i don't know whether that's an iked thing or a protocol thing).

