Use Let's Encrypt with Active Directory Certificate Services (AD CS)


#1

Hello,

I have been happily using letsencrypt for issuing SSL certificates for public websites.

However I am wondering if Let’s Encrypt would allow me to take it to the next level, and issue me with a certificate that I would use to validate my Active Directory Certificate Server.

Basically I would like to implement a CA in my organisation to allow the issuing of all sorts of certificates. However I presume that such certificates wouldn’t be able to be validated externally, since external users/hosts wouldn’t necessarily trust my CA. So I wonder if there is some way to add letsencrypt in the equation, in order to validate my CA.

Does that make sense?


#2

I’m not all that familiar with Active Directory, but when you say you want to be able to implement a CA and issue certificates, that typically means getting an (intermediate) certificate that’s capable of signing other certificates. You won’t get such a certificate from any publicly-trusted CA without passing various audits and essentially becoming a publicly-trusted CA yourself. Additionally, public CAs are forbidden from issuing certificates for internal names (meaning: made-up domain names that you do not actually own) or for domains for which the subscriber has not demonstrated ownership.

Hope this helps.
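
Added illustration, not part of the thread: the difference reply #2 describes between a certificate that can sign other certificates and an ordinary subscriber certificate is carried in the X.509 basicConstraints extension. This sketch uses the `openssl` CLI with constructed names and throwaway keys (the function names and the `ext_ca`/`ext_leaf` section names are made up here) to show a validator accepting a chain through a CA:TRUE intermediate and rejecting one signed by a CA:FALSE end-entity certificate.

```shell
#!/bin/sh
# Added example; every name, key and certificate here is constructed test data.

# Runs inside a scratch directory: builds root -> middle -> host, where "middle"
# gets extension section $1, then asks OpenSSL to validate host against root.
build_and_verify() {
    printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' '[dn]' 'CN=unused' \
        '[ext_ca]' 'basicConstraints=critical,CA:TRUE' \
        'keyUsage=critical,keyCertSign,cRLSign' \
        '[ext_leaf]' 'basicConstraints=critical,CA:FALSE' \
        'keyUsage=critical,digitalSignature' > c.cnf || return 2

    new_csr() {   # new_csr NAME: fresh key plus signing request
        openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
            -config c.cnf -subj "/CN=$1" >/dev/null 2>&1
    }
    sign() {      # sign NAME ISSUER EXT: ISSUER's key signs NAME's request
        openssl x509 -req -in "$1.csr" -CA "$2.crt" -CAkey "$2.key" -CAcreateserial \
            -out "$1.crt" -days 1 -extfile c.cnf -extensions "$3" >/dev/null 2>&1
    }

    # Self-signed root standing in for a publicly trusted CA.
    openssl req -x509 -newkey rsa:2048 -nodes -keyout root.key -out root.crt -days 1 \
        -config c.cnf -extensions ext_ca -subj "/CN=root" >/dev/null 2>&1 || return 2
    new_csr middle && sign middle root "$1" || return 2
    # "middle" signs a host certificate, as an internal CA would.
    new_csr host && sign host middle ext_leaf || return 2

    openssl verify -CAfile root.crt -untrusted middle.crt host.crt >/dev/null 2>&1 \
        && return 0
    return 1
}

# chain_verifies EXT: 0 = chain accepted, 1 = rejected, 2 = setup failed.
chain_verifies() {
    dir=$(mktemp -d) || return 2
    ( cd "$dir" || exit 2; build_and_verify "$1" ); rc=$?
    rm -rf "$dir"
    return "$rc"
}

for ext in ext_ca ext_leaf; do
    if chain_verifies "$ext"; then verdict=accepted; else verdict=rejected; fi
    echo "middle issued with $ext: host chain $verdict"
done
```

Signing with the CA:FALSE certificate's key succeeds mechanically; it is the relying party's path validation that refuses the result.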

