[Freeipa-users] RFE: Documentation for creating OpenVPN certificates.

[Jochen Hein]

Phil Ingram <pingram.au at gmail.com> writes:

> I use FreeIPA and I would like to create certificates for peer-to-peer
> and remote-access VPNs.

I tried to replace may manual easy-CA certificates with FreeIPA ones,
but that didn't work out (but my fallback also broke). My "productive"
VPN connection for now is ocserv, but I'd like to get OpenVPN running
again.

> In speaking with Fraser Tweedale, we agree that the best way forward
> is to create a secondary CA for insulation; but we may also need to
> create a custom certificate profile, which is non-trivial. As an end
> user of FreeIPA, I would like documentation on how to do this.

I'm happy to try something and give feedback.  I think I'll have time at
the end of this month to work on OpenVPN again.

Jochen

-- 
The only problem with troubleshooting is that the trouble shoots back.