[Samba] AD-level Certificate Authorities with samba?

Joachim Lindenberg samba at lindenberg.one
Mon Dec 18 15:37:38 UTC 2023


My (external) domains are signed, i.e. using DNSSEC. It doesn't look like the service you suggest supports DNSSEC. And except for wildcard certificates (which I dislike and don't use) there is no reason to rely on acme-dns at all.
Joachim

-----Original Message-----
From: samba <samba-bounces at lists.samba.org> On Behalf Of sacawulu via samba
Sent: Monday, 18 December 2023 16:19
To: samba at lists.samba.org
Subject: Re: [Samba] AD-level Certificate Authorities with samba?

Hi,

On 18-12-2023 at 16:02, Joachim Lindenberg via samba wrote:
> I am using Letsencrypt certificates everywhere, including all samba 
> domain members and internal services. Of course that requires internal 
> names to have at least wildcard DNS-resolution for letsencrypt, and 
> proxying port 80 to the relevant letsencrypt service. But it saves me 
> from configuring trust anchors manually across all clients. Joachim

We're also doing LetsEncrypt, only we switched to dns-based validation using acme-dns (https://github.com/joohoi/acme-dns).

That way you avoid the port 80 issue.

MJ
