Certificate services
Denis CARDON
dcardon at tranquil.it
Tue Feb 9 08:46:36 UTC 2021
Hi Andrew and Thomas,
Le 09/02/2021 à 09:26, Andrew Bartlett via samba-technical a écrit :
> On Fri, 2021-02-05 at 23:03 -0500, Thomas Epperson via samba-technical
> wrote:
>> Hello,
>>
>> Have there been any efforts or are there any technical boundaries to
>> implementing the certificate services in samba (as would be used with
>> active directory) ? I am looking to implement it and thought adding
>> it to
>> samba would make sense.
>
> I've not looked into it but are you thinking in terms of what would
> allow a member server to self-issue a certificate in its own name etc?
I have a client who had to setup an ADCS (AD Certificate Service) for
VMWare Horizon. It has been set up on a member server joined to a
Samba-AD domain and it does work properly (at least for that use case)
for auto enrollment.
They have a separate CA for the other stuff (user certificates, https
server certificates, etc.), so I cannot say for every use cases.
Cheers,
Denis
> A CA manager is a complex beast (once CRLs or OCSP etc start happening)
> so I wonder if we should bridge any interfaces we need to supply to an
> existing project.
>
> But beyond that have a go I suppose! I've not heard of any other
> efforts that are Samba-integrated.
>
> Andrew,
>
More information about the samba-technical
mailing list