How to set up a subordinate CA on pfSense
I would like to set up an OpenVPN server utilizing certificates on my Netgate device. I would also like to set up LDAP between our Windows domain controller and pfSense so that users can log on to pfSense with Windows credentials. To set up LDAP, apparently I need to figure out my certificate authority setup. It would be nice if OpenVPN clients would need to authenticate with their Windows credentials before being allowed through the VPN on top of the certificates. I would also like to set up 2FA using Google Authenticator, though I understand this should be done last. Our domain controller is also running a Windows Certificate Authority.
To start I would like to set up a subordinate CA on pfSense to the Windows CA. In other words, I want certificates generated by the Windows CA to be trusted by pfSense (for example for LDAP authentication) and certificates generated by pfSense to be trusted by Windows machines on the domain (through the Windows CA).
Would anyone know the steps required to set up such a trust between the pfSense CA and the Windows CA? Right now I have not created any CA on pfSense.
Any pointers would be appreciated.
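The trust relationship the question is after (Windows root signs a pfSense subordinate CA; machines that trust the root then trust pfSense-issued certificates, and pfSense trusting the root accepts the DC's LDAP certificate) can be reproduced end to end with nothing but the openssl CLI. The script below is an added example, not part of the original post and not pfSense or Netgate code; it assumes an OpenSSL 1.1.1 or newer `openssl` binary on PATH and a POSIX shell. All certificate names (`demo-windows-root`, `demo-pfsense-sub`, `demo-dc-ldap`, `demo-vpn-client`, `demo-deep-sub`) are constructed for the demo; nothing here touches a real Windows CA or a pfSense box. It also goes one step past the question by showing what the `pathlen:0` constraint on the subordinate does, since a Windows CA template for a subordinate typically limits how far the sub CA may delegate.

```shell
#!/bin/sh
# Added example, not from the original post: a throwaway three-level PKI built
# with the openssl CLI to show what subordinate-CA trust means in practice.
# Every name below is constructed for the demo; nothing here touches a real
# Windows CA or pfSense installation.
set -eu

WORK="${WORK:-$(mktemp -d)}"   # scratch directory for keys, CSRs and certs

# Generate a private key and CSR for $1 (used as both file basename and CN).
new_csr() {
  openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" >/dev/null 2>&1
}

# Sign CSR $1 with issuer CA $2, applying the X.509v3 extensions read from stdin.
sign_csr() {
  cat > "$WORK/$1.ext"
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$2.crt" -CAkey "$WORK/$2.key" \
    -CAcreateserial -days 365 -sha256 -extfile "$WORK/$1.ext" \
    -out "$WORK/$1.crt" >/dev/null 2>&1
}

# Build the demo hierarchy:
#   demo-windows-root   self-signed root (stand-in for the Windows enterprise CA)
#   demo-pfsense-sub    subordinate CA issued by the root with pathlen:0
#   demo-dc-ldap        LDAP server cert issued directly by the root
#   demo-vpn-client     OpenVPN client cert issued by the subordinate
#   demo-deep-sub/leaf  a further CA below the subordinate, which pathlen:0 forbids
build_demo_pki() {
  new_csr demo-windows-root
  cat > "$WORK/demo-windows-root.ext" <<'EOF'
basicConstraints=critical,CA:TRUE
keyUsage=critical,keyCertSign,cRLSign
subjectKeyIdentifier=hash
EOF
  openssl x509 -req -in "$WORK/demo-windows-root.csr" -signkey "$WORK/demo-windows-root.key" \
    -days 3650 -sha256 -extfile "$WORK/demo-windows-root.ext" \
    -out "$WORK/demo-windows-root.crt" >/dev/null 2>&1

  new_csr demo-pfsense-sub
  sign_csr demo-pfsense-sub demo-windows-root <<'EOF'
basicConstraints=critical,CA:TRUE,pathlen:0
keyUsage=critical,keyCertSign,cRLSign
subjectKeyIdentifier=hash
EOF

  new_csr demo-dc-ldap
  sign_csr demo-dc-ldap demo-windows-root <<'EOF'
basicConstraints=CA:FALSE
keyUsage=digitalSignature,keyEncipherment
extendedKeyUsage=serverAuth
subjectAltName=DNS:demo-dc-ldap
EOF

  new_csr demo-vpn-client
  sign_csr demo-vpn-client demo-pfsense-sub <<'EOF'
basicConstraints=CA:FALSE
keyUsage=digitalSignature
extendedKeyUsage=clientAuth
EOF

  new_csr demo-deep-sub
  sign_csr demo-deep-sub demo-pfsense-sub <<'EOF'
basicConstraints=critical,CA:TRUE
keyUsage=critical,keyCertSign
EOF
  new_csr demo-deep-leaf
  sign_csr demo-deep-leaf demo-deep-sub <<'EOF'
basicConstraints=CA:FALSE
EOF
}

# verify_cert LEAF ANCHOR [INTERMEDIATE...]: build a chain from LEAF to the
# trusted ANCHOR, offering the given intermediates as untrusted chain material.
# Prints OK or FAIL and always returns 0 so callers can compare the string.
verify_cert() {
  leaf=$1; anchor=$2; shift 2
  untrusted=""
  for ca in "$@"; do untrusted="$untrusted -untrusted $WORK/$ca.crt"; done
  # shellcheck disable=SC2086  # $untrusted is deliberately word-split
  if openssl verify -CAfile "$WORK/$anchor.crt" $untrusted "$WORK/$leaf.crt" >/dev/null 2>&1; then
    echo OK
  else
    echo FAIL
  fi
}

build_demo_pki
# pfSense trusting the Windows root accepts the DC's LDAP certificate.
echo "LDAP cert, trust root only:          $(verify_cert demo-dc-ldap demo-windows-root)"
# A domain machine trusting only the root accepts a pfSense-issued client cert
# when the subordinate CA certificate is presented alongside it.
echo "VPN client cert, root + sub offered: $(verify_cert demo-vpn-client demo-windows-root demo-pfsense-sub)"
# Without the intermediate the chain cannot be built: ship it with the leaf.
echo "VPN client cert, sub not offered:    $(verify_cert demo-vpn-client demo-windows-root)"
# pathlen:0 on the subordinate stops it from delegating to a further CA.
echo "Leaf under a CA below the sub:       $(verify_cert demo-deep-leaf demo-windows-root demo-pfsense-sub demo-deep-sub)"
```

Run it as-is and the four lines print OK, OK, FAIL, FAIL. The two failures are the practical lessons for the setup in the question: anything pfSense issues must be delivered together with the subordinate CA certificate (OpenVPN's `--ca` / `--extra-certs` style bundling, or the full chain in the exported client config), and the Windows CA decides, via the path length constraint, whether pfSense's CA may ever issue another CA. The same openssl verify call, pointed at the real Windows root and the real subordinate certificate, is a quick way to confirm the trust is wired correctly before touching the LDAP or OpenVPN configuration.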