Windows AD CS + ACME #671
I haven't used Windows AD CS much myself but there are a couple of projects that try to provide an ACME service that you could then use: https://github.com/glatzert/ACME-Server-ADCS (powershell) https://github.com/grindsa/acme2certifier

From memory there were more but I can't find them on Google currently. The big commercial enterprise PKI vendors offer this sort of integration as well, I believe.

Other variations on the theme include sharing your root certificate from AD CS with a different internal ACME server (so the trust stays the same but the issuing system is different): https://smallstep.com/blog/byor-adcs-to-smallstep/

Can you describe your use case in more detail? Machine identity, trusted intranet sites and client certificates?

We wouldn't rule out directly providing such integration but it's not in the pipeline currently.
So I guess in my mind, anything that does not need to be publicly available, I would use a private PKI… A lot of stuff I am able to push out via group policy if it's a Windows-based computer. However, there are a handful of services such as databases, web firewalls, Apache2 (website).
Hi @webprofusion-chrisc,
I would also like to request the integration of Certify the Web with the local Windows PKI. Is it feasible for Certify the Web to utilize the ACME protocol to obtain certificates from Windows AD CS?