PKI — Internal Certificate Authority

Host: step-ca — CT117 on pve0-core, 10.37.16.128, VLAN 16 (Servers)

Status

Built and running. Not yet in active use — deployment is blocked by a TP-Link Omada firmware bug preventing WPA3-Enterprise 192-bit mode (EAP-TLS) from working correctly on the access points.

Once the firmware issue is resolved, step-ca will issue client and server certificates for the Horizon SSID (WPA3-Enterprise EAP-TLS), with radius-tls (CT121) as the RADIUS server.

See wifi.md for the planned WiFi architecture.