Project

General

Profile

Actions

Bug #5629

open

Allow for IPsec configuration using certs without a CA

Added by Florian Apolloner over 6 years ago. Updated 5 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
IPsec
Target version:
-
Start date:
12/11/2015
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:
All

Description

Currently it is required to specify a CA for the remote side. In most configurations it would be enough to just set rightcert instead.

Actions #1

Updated by Kris Phillips 5 months ago

This is only necessary for self-signed certs. Not sure what the functional benefit of removing the CA requirements would be. If you don't have a trusted CA, whether added manually or a publicly trusted one, how do you verify the certificate? You could set pfSense to say to not verify the certificate, but this is a security risk.

Actions

Also available in: Atom PDF