advice for cert management with external CA and PKI
-
Hey friends, looking for some expertise and advice on cert management with an external CA and PKI system.
We use pfSense as our gateways and VPN endpoints (mostly OpenVPN for road warriors).
Our setup at our main site has gotten increasingly complex (mostly in good ways). We use OpenXPKI as our internal CA and PKI system.
The challenge comes when it is time to re-cert and re-key the VPN server and users. It is an inherently manual process that involves creating entirely new certs on the PKI.
I know pfSense doesn't support a renewal request in the CA/Cert manager for external certs. And the ACME plugin doesn't support custom ACME server profiles.
So, does anyone have any experience, insight, or tips in managing both user and server certs from an external PKI?
We have AD (via Samba); publishing user certs to AD isn't out of the question, but I'm not sure that helps. And OpenXPKI supports SCEP and EST, but also not sure that helps.
So short of an annual mad dash to re-cert everything, does anyone have any ideas or tips?
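As an added example, not code from the post, from pfSense or from OpenXPKI: a small Go program that inventories a PEM bundle of VPN server and user certificates and reports which ones are healthy, inside a renewal window, or already expired. This is the check that turns a single annual re-cert into a rolling schedule, whatever PKI issues the certs. The `RenewWindow` value, the common names and the expiry offsets are constructed assumptions, and the bundle is generated in-code from self-signed certificates so it runs offline; `Classify` itself accepts any PEM bundle, such as one exported from the pfSense cert manager or from the CA.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// RenewWindow is how far ahead of NotAfter a cert gets flagged for renewal.
// Assumed policy value; set it to match the PKI's own renewal rules.
const RenewWindow = 30 * 24 * time.Hour

// CertStatus is one row of the expiry inventory.
type CertStatus struct {
	Subject  string
	NotAfter time.Time
	DaysLeft int    // negative once the cert has expired
	State    string // "ok", "renew" or "expired"
}

// Classify parses every CERTIFICATE block in a PEM bundle and reports its
// expiry state relative to now. Non-certificate blocks (keys, CSRs) are skipped.
func Classify(pemBundle []byte, now time.Time) ([]CertStatus, error) {
	var out []CertStatus
	rest := pemBundle
	for {
		var block *pem.Block
		block, rest = pem.Decode(rest)
		if block == nil {
			break
		}
		if block.Type != "CERTIFICATE" {
			continue
		}
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return nil, fmt.Errorf("parsing certificate: %w", err)
		}
		left := cert.NotAfter.Sub(now)
		st := CertStatus{
			Subject:  cert.Subject.CommonName,
			NotAfter: cert.NotAfter,
			DaysLeft: int(left.Hours() / 24),
		}
		switch {
		case left <= 0:
			st.State = "expired"
		case left <= RenewWindow:
			st.State = "renew"
		default:
			st.State = "ok"
		}
		out = append(out, st)
	}
	return out, nil
}

// makeTestCert builds a constructed self-signed certificate for cn with the
// given validity; it stands in for certs a real PKI would issue.
func makeTestCert(cn string, notBefore, notAfter time.Time) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    notBefore,
		NotAfter:     notAfter,
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), nil
}

// SampleBundle returns a constructed bundle: one healthy server cert, one user
// cert inside the renewal window and one user cert already expired.
func SampleBundle(now time.Time) ([]byte, error) {
	specs := []struct {
		cn   string
		left time.Duration
	}{
		{"vpn.example.internal", 200 * 24 * time.Hour}, // assumed server CN
		{"alice-roadwarrior", 10 * 24 * time.Hour},     // assumed user CN
		{"bob-roadwarrior", -5 * 24 * time.Hour},       // assumed user CN
	}
	var bundle []byte
	for _, s := range specs {
		p, err := makeTestCert(s.cn, now.Add(-365*24*time.Hour), now.Add(s.left))
		if err != nil {
			return nil, err
		}
		bundle = append(bundle, p...)
	}
	return bundle, nil
}

func main() {
	// X.509 stores times at second precision, so compare against a truncated clock.
	now := time.Now().UTC().Truncate(time.Second)
	bundle, err := SampleBundle(now)
	if err != nil {
		panic(err)
	}
	statuses, err := Classify(bundle, now)
	if err != nil {
		panic(err)
	}
	for _, s := range statuses {
		fmt.Printf("%-22s %-8s expires %s (%d days)\n",
			s.Subject, s.State, s.NotAfter.Format("2006-01-02"), s.DaysLeft)
	}
}
```

Run it on a schedule against the exported bundle and alert on anything in the `renew` state; staggering issue dates so that only a slice of the fleet lands in the window each month is what removes the mad dash, and this report is how you see whether the stagger is actually holding.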