You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Robin Thoni
f4492d0f65
typo
|
3 years ago | |
|---|---|---|
| .env | 3 years ago | |
| .gitignore | 3 years ago | |
| README.md | 3 years ago | |
| docker-compose.yml | 3 years ago |
README.md
README.md
Installation
.env
- Setup
ALL_TZto the current timezone - Set
ALL_RESTART_POLICYtounless-stopped
Generate Root and Intermediate CA
mkdir -p data/step-ca/home/secrets
echo 'change_it' > data/step-ca/home/secrets/password
chmod 600 data/step-ca/home/secrets/password
chown -R 1000:1000 data/step-ca/home
docker run -it --rm -v `pwd`/data/step-ca/home:/home/step smallstep/step-ca:0.15.6 step ca init --ssh --address '0.0.0.0:443' --provisioner 'admin-provisioner' --password-file 'secrets/password' --dns '127.0.0.1,localhost,pki.example.com' --name 'Example Inc.'
Active Directory
- Install AD-CS as Subordinate CA
- Generate private key using the wizard
- Finish the setup
- Copy the generated csr to
data/step-ca/home/certs - Run on the
step-cacontainershell step certificate sign --profile intermediate-ca certs/ad.csr certs/root_ca.crt secrets/root_ca_keyNote:stepmight complain if there’s an emtpy trailing line at the end of the CSR - Copy the generated certificate on stdout AND
certs/root_ca.crtsomewhere to the AD-CS server - Run on the AD-CS server
shell certutil -installcert C:\cert.crt # Install the signed certificate in AD-CS certutil -f -dspublish C:\root.crt RootCA # Publish the root CA in AD - Optionally remove the root and intermediate certificates files as they now imported in the store
- Start AD-CS