External certificates
-
My goal is to authenticate OpenVPN users with certificates, but to not have any private keys stored on the pfSense machine since it is a public-facing interfacing machine. Is this possible? Is it worth it to figure out how to do it?
Thanks in advance!
-
If you manage the certificates on another system you could get away with only needing the OpenVPN server certificate private key (not the CA private key or the user certs/keys). You couldn't use the export package, but it would work.
In that scenario the only certs on the system (aside from the GUI's cert/key) would be the CA cert, Server cert, and Server key.
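
The split described in the reply above, as an added example that is not part of the original thread: a CA kept on a separate machine signs the server and client certificates, and only the CA cert, server cert and server key are staged for the firewall. The directory names, subject names, the `client1` user, key sizes and lifetimes are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example. Run on the separate CA machine, never on the firewall.
set -euo pipefail

# Build a small PKI under $1/ca-host and stage the firewall's files in
# $1/pfsense-import. Directory and subject names are hypothetical.
build_pki() {
  local ca="$1/ca-host" out="$1/pfsense-import" name ext
  mkdir -p "$ca" "$out"
  (
    cd "$ca"
    umask 077   # keys readable by the owner only
    # CA key + self-signed CA cert. -nodes keeps the demo non-interactive;
    # protect a real CA key with a passphrase.
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
      -subj "/CN=Example VPN CA" -keyout ca.key -out ca.crt 2>/dev/null
    printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\n' > server.ext
    printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=clientAuth\n' > client.ext
    for name in server client1; do
      if [ "$name" = server ]; then ext=server.ext; else ext=client.ext; fi
      openssl req -newkey rsa:2048 -nodes -subj "/CN=$name" \
        -keyout "$name.key" -out "$name.csr" 2>/dev/null
      openssl x509 -req -in "$name.csr" -CA ca.crt -CAkey ca.key \
        -CAcreateserial -days 825 -extfile "$ext" -out "$name.crt" 2>/dev/null
    done
  )
  # Only these three files go to the firewall. ca.key and client1.key stay
  # off it (the client key is handed to its user out of band).
  cp "$ca/ca.crt" "$ca/server.crt" "$ca/server.key" "$out/"
}

# Succeeds only if the bundle holds exactly one private key, that key matches
# server.crt, and server.crt chains to ca.crt.
audit_bundle() {
  local dir="$1" keys
  keys=$(grep -l -e 'BEGIN .*PRIVATE KEY' "$dir"/* | wc -l)
  [ "$keys" -eq 1 ] || { echo "expected 1 private key, found $keys" >&2; return 1; }
  [ "$(openssl x509 -in "$dir/server.crt" -noout -pubkey)" = \
    "$(openssl pkey -in "$dir/server.key" -pubout)" ] || return 1
  openssl verify -CAfile "$dir/ca.crt" "$dir/server.crt" >/dev/null
}

# Usage: ./script.sh /path/to/workdir
if [ "$#" -gt 0 ]; then build_pki "$1"; audit_bundle "$1/pfsense-import"; fi
```

`audit_bundle` fails if the CA key or any user key ends up in the staging directory, so it can gate the copy to the firewall.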