Feature #10258

allow to sign CA

Added by Viktor Gurov 12 months ago. Updated 11 months ago.

Very Low
Target version:
Start date:
Due date:
% Done:


Estimated time:


To create cross-signed intermediate CA,

This feature can be added to the page System / Certificate Manager / CAs / Edit -> Method list
in this way you can import a CA and then sign it with another CA in the system


#1 Updated by Jim Pingle 12 months ago

  • Priority changed from Normal to Very Low

What is the use case for this?

We used to allow something similar in the past but removed it several years ago (CA was offered as a type of certificate when creating entries on the certificate tab)

Adding this seems unnecessary and is likely to duplicate a lot of the functionality we already have on the certs tab for little benefit.

#2 Updated by Jens Groh 11 months ago

We could use that feature right now. We run multiple CA/intermediate CAs from our pfSense Clusters as we mostly need it there (besides few other places). We had multiple times that it would have been nice to have the ability to cross sign an intermediate CA from a new top level CA so to fade out the old top level in favor of the new top level CA. As we had a company rebranding, that issue has arrived again where now more than 20 intermediates are still signed against a top level CA that still has the old branding and info in it and can't be changed as we then would have to re-issue a new intermediate and new server/client certs for all customers. That's simply not possible in that scope.

So even if it's a low prio we'd be a happy customer of that.

Also available in: Atom PDF