Use Let's Encrypt with Active Directory Certificate Services (AD CS)



I have been happily using letsencrypt for issuing SSL certificates for public websites.

However I am wondering if Let’s Encrypt would allow me to take it to the next level, and issue me with a certificate that I would use to validate my Active Directory Certificate Server.

Basically I would like to implement a CA in my organisation to allow the issuing of all sorts of certificates. However I presume that such certificates wouldn’t be able to be validated externally, since external users/hosts wouldn’t necessarily trust my CA. So I wonder if there is some way to add letscencrypt in the equation, in order to validate my CA.

Does that make sense?


I’m not all that familiar with Active Directory, but when you say you want to be able to implement a CA and issue certificates, that typically means getting a (intermediate) certificate that’s capable of signing other certificates. You won’t get such a certificate from any publicly-trusted CA without passing various audits and essentially becoming a publicly-trusted CA yourself. Additionally, public CAs are forbidden from issuing certificates for internal names (meaning: made-up domain names that you do not actually own) or for domains for which the subscriber has not demonstrated ownership.

Hope this helps.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.