Installation

.env

- Set `ALL_TZ` to the current timezone
- Set `ALL_RESTART_POLICY` to `unless-stopped`
Generate Root and Intermediate CA

```shell
mkdir -p data/step-ca/home/secrets
echo 'change_it' > data/step-ca/home/secrets/password
chmod 600 data/step-ca/home/secrets/password
chown -R 1000:1000 data/step-ca/home
docker run -it --rm -v `pwd`/data/step-ca/home:/home/step smallstep/step-ca:0.15.6 step ca init --ssh --address '0.0.0.0:443' --provisioner 'admin-provisioner' --password-file 'secrets/password' --dns '127.0.0.1,localhost,pki.example.com' --name 'Example Inc.'
```
Active Directory

- Install AD-CS as a Subordinate CA
- Generate the private key using the wizard
- Finish the setup
- Copy the generated CSR to `data/step-ca/home/certs`
- Run in the `step-ca` container:

```shell
step certificate sign --profile intermediate-ca certs/ad.csr certs/root_ca.crt secrets/root_ca_key
```

Note: `step` might complain if there is an empty trailing line at the end of the CSR.

- Copy the generated certificate (printed on stdout) AND `certs/root_ca.crt` somewhere onto the AD-CS server
- Run on the AD-CS server:

```powershell
certutil -installcert C:\cert.crt # Install the signed certificate in AD-CS
certutil -f -dspublish C:\root.crt RootCA # Publish the root CA in AD
```

- Optionally remove the root and intermediate certificate files, as they are now imported into the store
- Start AD-CS
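The signing step above, with the two checks a practitioner would want around it: the CSR copied from the Windows server is normalised first (CRLF and the trailing blank line that `step` complains about are removed), and the issued intermediate is verified against the step-ca root before it is copied to AD-CS. This is an added example, not part of the original guide; it assumes the running container is named `step-ca`, the files live under `data/step-ca/home` as in the guide, and `openssl` is installed on the host.

```shell
#!/bin/sh
# Added example (not from the original guide): normalise the AD-CS CSR, sign it
# inside the step-ca container, and verify the result before it reaches AD-CS.
# Assumptions: container name "step-ca", guide layout under data/step-ca/home.
set -eu

HOME_DIR="${STEP_HOME_DIR:-data/step-ca/home}"
CONTAINER="${STEP_CONTAINER:-step-ca}"

# Strip CR line endings (the CSR comes from a Windows server) and drop trailing
# blank lines, which the guide notes can make step complain. $1 = in, $2 = out
normalize_csr() {
    awk '{ sub(/\r$/, ""); lines[NR] = $0 }
         END {
             n = NR
             while (n > 0 && lines[n] ~ /^[[:space:]]*$/) n--
             for (i = 1; i <= n; i++) print lines[i]
         }' "$1" > "$2"
}

# Sanity-check the PEM envelope: AD-CS writes either "CERTIFICATE REQUEST" or
# "NEW CERTIFICATE REQUEST" armour; anything else is not a CSR we should sign.
csr_looks_valid() {
    first=$(head -n 1 "$1")
    last=$(tail -n 1 "$1")
    case "$first" in
        "-----BEGIN CERTIFICATE REQUEST-----"|"-----BEGIN NEW CERTIFICATE REQUEST-----") ;;
        *) return 1 ;;
    esac
    case "$last" in
        "-----END CERTIFICATE REQUEST-----"|"-----END NEW CERTIFICATE REQUEST-----") return 0 ;;
        *) return 1 ;;
    esac
}

# Same sign command as the guide, run via docker exec, then verify the chain
# and confirm the certificate is actually a CA certificate.
sign_and_verify() {
    normalize_csr "$HOME_DIR/certs/ad.csr" "$HOME_DIR/certs/ad.clean.csr"
    csr_looks_valid "$HOME_DIR/certs/ad.clean.csr" || { echo "ad.csr is not a PEM CSR" >&2; return 1; }
    docker exec "$CONTAINER" step certificate sign --profile intermediate-ca \
        certs/ad.clean.csr certs/root_ca.crt secrets/root_ca_key > "$HOME_DIR/certs/ad.crt"
    openssl verify -CAfile "$HOME_DIR/certs/root_ca.crt" "$HOME_DIR/certs/ad.crt"
    openssl x509 -in "$HOME_DIR/certs/ad.crt" -noout -text | grep -q 'CA:TRUE'
}

# Usage: ./sign-adcs.sh sign   (only functions are defined when run without args)
if [ "${1:-}" = "sign" ]; then sign_and_verify; fi
```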