Feature #3424

open

SCEP server

Added by John Lockwood about 10 years ago. Updated over 4 years ago.

Status: New
Priority: Normal
Assignee: -
Category: New Package Request
Target version: -
Start date: 01/31/2014
Due date:
% Done: 0%
Estimated time:
Plus Target Version:

Description

pfSense provides a variety of functions such as a Firewall, DHCP server, various types of VPN server, and can also act as a root CA. A related feature it cannot currently do but other similar products can (e.g. Cisco ASA servers) is act as a SCEP server.

(This is likely to be teaching Grandma to suck eggs, but SCEP stands for Self Certificate Enrolment Protocol and was invented by Cisco for exactly this sort of situation.)

SCEP would allow a client to automatically obtain a client certificate which could then be used to make an authenticated connection to pfSense via VPN instead of using a PSK (pre-shared key). This would save having to manually generate lots of user certificates for VPN users. pfSense would still be able to revoke certificates as needed.

As pfSense uses various open-source tools, you could use a similar open-source SCEP implementation. Here is an example: http://code.google.com/p/jscep/
