Feature #3424

SCEP server

Added by John Lockwood over 5 years ago. Updated 2 months ago.

Status: New
Priority: Normal
Assignee: -
Category: New Package Request
Target version: -
Start date: 01/31/2014
Due date:
% Done: 0%
Estimated time:

Description

pfSense provides a variety of functions such as a firewall, DHCP server, and various types of VPN server, and can also act as a root CA. A related feature it cannot currently do, but other similar products can (e.g. Cisco ASA servers), is act as a SCEP server.

(This is likely to be teaching Grandma to suck eggs, but SCEP stands for Self Certificate Enrolment Protocol and was invented by Cisco for exactly this sort of situation.)

SCEP would allow a client to automatically obtain a client certificate which could then be used to make an authenticated connection to pfSense via VPN instead of using a PSK (pre-shared-key). This would save having to manually generate lots of user certificates for VPN users. pfSense would still be able to revoke certificates as needed.

As pfSense uses various open-source tools, you could use a similar open-source SCEP implementation. Here is an example: http://code.google.com/p/jscep/

History

#1 Updated by Ermal Luçi over 5 years ago

The new IPSec implementation in 2.2 does support it, though supporting it in the GUI is not foreseen yet.

#2 Updated by Jim Pingle 2 months ago

  • Category set to New Package Request
