CA Architecture
I'm just getting started setting up a Certificate Authority Architecture. I may have some misunderstandings, but from what I've read, it looks like…
- I want to set up a central CA that signs for a set of Intermediate Certificate Authorities (ICAs).
- My CA should not sign individual certificates. It should only vouch for my ICAs.
- All of my certificates are signed by an appropriate ICA.

I have a few sites that I am working on connecting via site-to-site VPNs using pfSense boxes. I am thinking about leveraging the CA functionality within pfSense. My question is, can I create an ICA on a site that refers to a CA that's on another site, at the end of a tunnel, or does an ICA need to be on the same box as its CA?