Two-tier PKI and OpenVPN - Do you use it?

  • Well, after successfully bringing Two-Tier PKI to work in, I wonder if anyone else uses it in pfSense OpenVPN solutions (WebGUI is a piece of cake, so don't even mention it).

    To anyone interested - the PKI is AD CS based, and I successfully managed to add Netscape extensions for correct identification in WebGUI as 'server' certificates (didn't bother in < 2.3, doesn't really matter in 2.3+, but it will be a HUGE difference as the number of connections grows). It really whips the llama's ass to have only one Root CA cert to correctly identify and connect a bunch of systems that are often not even remotely connected (read - different enterprises/businesses, but under my supervision).

