Certificate services

[Denis CARDON]

Hi Andrew and Thomas,

Le 09/02/2021 à 09:26, Andrew Bartlett via samba-technical a écrit :
> On Fri, 2021-02-05 at 23:03 -0500, Thomas Epperson via samba-technical
> wrote:
>> Hello,
>>
>> Have there been any efforts or are there any technical boundaries to
>> implementing the certificate services in samba (as would be used with
>> active directory) ? I am looking to implement it and thought adding
>> it to
>> samba would make sense.
> 
> I've not looked into it but are you thinking in terms of what would
> allow a member server to self-issue a certificate in its own name etc?

I have a client who had to setup an ADCS (AD Certificate Service) for 
VMWare Horizon. It has been set up on a member server joined to a 
Samba-AD domain and it does work properly (at least for that use case) 
for auto enrollment.

They have a separate CA for the other stuff (user certificates, https 
server certificates, etc.), so I cannot say for every use cases.

Cheers,

Denis

> A CA manager is a complex beast (once CRLs or OCSP etc start happening)
> so I wonder if we should bridge any interfaces we need to supply to an
> existing project.
> 
> But beyond that have a go I suppose!  I've not heard of any other
> efforts that are Samba-integrated.
> 
> Andrew,
>