Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...

 

Daniel Nashed

 

What do you use for Internet Certs inside the company?

Daniel Nashed  28 August 2020 09:45:54

For external servers Let's Encrypt is a great option to automate certificate management.
But as long as you are not using official DNS names registered in combination with "split DNS" etc., you can't use Let's Encrypt to manage your certs internally.
Also Let's Encrypt has some limits for the number of certificates you can request per domain.

What type of CAs? Manual or automated?

So I am curious what type of CAs you use out in the field.
And how do you integrate certificate request flows?
Do you have automation today?

Microsoft CA.

I guess that's one of the most commonly used CAs today in combination with AD?

I just looked again into the Microsoft CA yesterday, because at one of my customers we need to renew around 40 certs.
The only way they offer for non-Windows machines to request them automatically is via the Microsoft CA website.
Depending on the configuration and your user permissions, you can get certificates on the fly.
Or just kick off the process by pasting a CSR and get a request number, which can be used later to retrieve the certificate.

For what I needed I wrote a shell script leveraging curl to submit the request and to later download the certificate.

The interface doesn't offer any type of REST request with a defined interface and I am not aware of any official interface. Maybe someone has an idea?
I am just simulating the behavior of the website using curl for now. The only alternative way is the command-line which has to be executed on the CA or an authorized machine.

So I am interested to hear what type of CAs you use and what the process is to get a certificate issued.
And what automation you have implemented today.


-- Daniel
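
The submit-then-retrieve flow described in the post, as an added example that is not the author's script. The `/certsrv/certfnsh.asp` and `/certsrv/certnew.cer` paths, the form field names and the response strings are assumptions about how the Microsoft CA web enrollment pages behave; `CA_ROOT_PEM`, `~/.netrc-ca` and the template name are placeholders.

```shell
#!/bin/sh
# Added example (not the author's script): drive the Microsoft CA web enrollment
# pages with curl. The /certsrv paths, form fields and response strings are
# assumptions about those pages; CA_ROOT_PEM and ~/.netrc-ca are placeholders.

# Classify the HTML returned by certfnsh.asp (read from stdin):
# prints "issued <id>", "pending <id>" or "error".
parse_submit_response() {
    html=$(cat)
    id=$(printf '%s\n' "$html" | sed -n 's/.*certnew\.cer?ReqID=\([0-9][0-9]*\)&.*/\1/p' | head -n 1)
    if [ -n "$id" ]; then echo "issued $id"; return 0; fi
    id=$(printf '%s\n' "$html" | sed -n 's/.*Your Request Id is \([0-9][0-9]*\).*/\1/p' | head -n 1)
    if [ -n "$id" ]; then echo "pending $id"; return 0; fi
    echo "error"; return 1
}

# Shared curl options: verify the CA web server's TLS certificate and read
# credentials from a netrc file so they never appear in the process list.
ca_curl() {
    curl --silent --show-error --fail --anyauth \
         --netrc-file "$HOME/.netrc-ca" --cacert "$CA_ROOT_PEM" "$@"
}

# submit_csr <ca-host> <csr-file> <template>: POST the CSR like the web form does.
submit_csr() {
    ca_curl --data "Mode=newreq" --data "TargetStoreFlags=0" --data "SaveCert=yes" \
            --data-urlencode "CertRequest@$2" \
            --data-urlencode "CertAttrib=CertificateTemplate:$3" \
            "https://$1/certsrv/certfnsh.asp" | parse_submit_response
}

# A pending or denied request yields an HTML page, so check for a PEM certificate.
is_pem_cert() { grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; }

# fetch_cert <ca-host> <request-id> <out-file>: download an issued certificate.
fetch_cert() {
    ca_curl --output "$3" "https://$1/certsrv/certnew.cer?ReqID=$2&Enc=b64" && is_pem_cert "$3"
}

# Run only when called with arguments: ca-host csr-file template out-file
if [ "$#" -eq 4 ]; then
    result=$(submit_csr "$1" "$2" "$3") || { echo "submit failed" >&2; exit 1; }
    echo "$result"
    case $result in
        issued*) fetch_cert "$1" "${result#issued }" "$4" ;;
        pending*) echo "retry later: fetch request ${result#pending }" >&2 ;;
    esac
fi
```

When the CA leaves the request pending, keep the printed request id and call `fetch_cert` with it once the request has been approved.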



