[Samba] AD-level Certificate Authorities with samba?
Joachim Lindenberg
samba at lindenberg.one
Mon Dec 18 15:37:38 UTC 2023
My (external) domains are signed, i.e. using DNSSEC. It doesn´t look like the service you suggest supports DNSSEC. And except for wildcard certificates (which I dislike and don´t use) there is no reason to rely on acme-dns at all.
Joachim
-----Ursprüngliche Nachricht-----
Von: samba <samba-bounces at lists.samba.org> Im Auftrag von sacawulu via samba
Gesendet: Montag, 18. Dezember 2023 16:19
An: samba at lists.samba.org
Betreff: Re: [Samba] AD-level Certificate Authorities with samba?
Hi,
Op 18-12-2023 om 16:02 schreef Joachim Lindenberg via samba:
> I am using Letsencrypt certificates everywhere, including all samba
> domain members and internal services. Of course that requires internal
> names to have at least wildcard DNS-resolution for letsencrypt, and
> proxying port 80 to the relevant letsencrypt service. But it saves me
> from configuring trust anchors manually across all clients. Joachim
We're also doing LetsEncrypt, only we switched to dns-based validation using acme-dns (https://github.com/joohoi/acme-dns)
That way you avoid the port 80 issue.
MJ
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list