https://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162020-02-13T07:54:17ZpfSense bugtrackerpfSense - Feature #10258: allow to sign CAhttps://redmine.pfsense.org/issues/10258?journal_id=445992020-02-13T07:54:17ZJim Pingle
<ul><li><strong>Priority</strong> changed from <i>Normal</i> to <i>Very Low</i></li></ul><p>What is the use case for this?</p>
<p>We used to allow something similar in the past but removed it several years ago (CA was offered as a type of certificate when creating entries on the certificate tab)</p>
<p>Adding this seems unnecessary and is likely to duplicate a lot of the functionality we already have on the certs tab for little benefit.</p> pfSense - Feature #10258: allow to sign CAhttps://redmine.pfsense.org/issues/10258?journal_id=446802020-02-20T04:20:59ZJens Groh
<ul></ul><p>We could use that feature right now. We run multiple CA/intermediate CAs from our pfSense Clusters as we mostly need it there (besides few other places). We had multiple times that it would have been nice to have the ability to cross sign an intermediate CA from a new top level CA so to fade out the old top level in favor of the new top level CA. As we had a company rebranding, that issue has arrived again where now more than 20 intermediates are still signed against a top level CA that still has the old branding and info in it and can't be changed as we then would have to re-issue a new intermediate and new server/client certs for all customers. That's simply not possible in that scope.</p>
<p>So even if it's a low prio we'd be a happy customer of that.</p>