Bug #5629

open

Allow for IPsec configuration using certs without a CA

Added by Florian Apolloner about 9 years ago. Updated almost 3 years ago.

Status: New
Priority: Normal
Assignee: -
Category: IPsec
Target version: -
Start date: 12/11/2015
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: All
Affected Architecture: All

Description

Currently it is required to specify a CA for the remote side. In most configurations it would be enough to just set rightcert instead.

#1

Updated by Kris Phillips almost 3 years ago

This is only necessary for self-signed certs. Not sure what the functional benefit of removing the CA requirements would be. If you don't have a trusted CA, whether added manually or a publicly trusted one, how do you verify the certificate? You could set pfSense to say to not verify the certificate, but this is a security risk.
