Certificate Manager Package used?

  • What package does pfSense use to generate certificates for OpenVPN/OpenSSL?
    Easy-RSA, 2cca, or something else?
    Thank you!

  • Rebel Alliance Developer Netgate

    We use our own code to do the management, which in turn makes calls to OpenSSL through the PHP OpenSSL module in most cases, and in some cases to OpenSSL directly.

  • Thanks for the reply.
    I was kinda fishing for a better solution than Easy-RSA - which Debian seems to be falling behind on keeping it updated. I figured if anyone knew what the best alternative was, it would be the pfSense people. Just didn't anticipate it would be a "roll your own" solution!  :D

  • Rebel Alliance Developer Netgate

    Just use a pfSense instance somewhere on your network to manage your certs ;-)

    Though it's not perfectly suited to being a general purpose CA, it sure beats having to mess with EasyRSA.

    And on 2.4 you can sign CSRs as well as create certificates.

Log in to reply