Microsoft active directory certificate services with letsencrypt

A well explained here:

There is a way to use LETSENCRYPT with ADCS (Active Directory Certificate Services), but we would like to have it IN PRODUCTION..

Who can we talk to about pay to develop/maintain a solution to be used IN PRODUCTION?

Kind regards

Wonder Global

I doubt that is possible...
LE doesn't provide certificates that can be used to issue other certs from.

OR
Maybe I misunderstand the statement/request.
If you can better explain your need, maybe we can better answer the question.

3 Likes

The linked example is using Let's Encrypt for certificates used by the services themselves, it's not using Let's Encrypt to issue certs via ADCS.

If you want to use ACME (automated certificate management) but issue from ADCS you could look at GitHub - grindsa/acme2certifier: library implementing ACME server functionality

I suppose the question is what do you actually want, and why?

5 Likes

Hey, that's my face (and my writing)! :stuck_out_tongue:

As @webprofusion mentioned, that post is using Let's Encrypt instead of ADCS for certificate services in a domain. The whole point is that you don't need to bother installing, securing, and maintaining ADCS (which hasn't seen a significant update from Microsoft in over a decade).

The method can absolutely be used "in production". But you'd likely want to customize the scripts for your environment and add more error handling and logging to make things more robust than the proof of concept I put together for that post. If you're looking to pay a PowerShell developer to do that for you, I'm sure such people exist. But I don't really have any guidance on where to find them.

6 Likes

We have POWERSHELL developers, but can we have a talk over a webconference to understand what need to be done?

How can i reach you? my email is [redacted]

Great information Christopher Cook, i found this about ADCS:

But can we talk over a webconference to automate, perhaps use your https://certifytheweb.com/ solution also?

How can i reach you? My email is [redacted]

Respectfully, I already have a full time job. I'm not personally willing to provide guidance on this topic for your business outside the context of questions on this public forum. But I'm happy to continue answering questions here as I have time.

7 Likes

Thanks, I've responded to your support ticket. We don't provide consultancy as such but will be happy to answer specific questions about your evaluation of Certify The Web.

4 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.