Related: Does anyone know of a PKI-on-WireGuard implementation? Specifically I'm looking for a system that lets clients join the WireGuard network by presenting a CA-signed certificate.
Sadly I haven’t found anything. All there is are those curv25519 key pairs last i looked which is a real pain to manage at any scale, can’t be setup with a ttl etc. That’s probably main value proposition of products like Tailscale tbh