[Samba] AD-level Certificate Authorities with samba?
Denis CARDON
dcardon at tranquil.it
Tue Dec 19 09:09:15 UTC 2023
Hi Michael,
> What's the way to have a domain-based certificate authority so that
> various TLS services can be enabled within a domain, including
> LDAPS and other similar services?
>
> The whole CA thing is already complex enough, microsoft has tools to
> do all this on their domain management collection (Active Directory
> Certificate Services). What's the way to do all this in/with samba-
> based AD?
we use SmallStep [1] internaly. It is not a drop-in replacement for ADCS
but you can get something quite similar. And by the way, I'm personnaly
happy no to have to deal with ADCS, I had a few problems with it in the
past and there have been a few nasty security issues due to that piece
of software in the last few years.
Cheers,
Denis
[1] https://smallstep.com/
>
> Thanks,
>
> /mjt
>
More information about the samba
mailing list