Hello everyone,

A bit of background on how things are configured: I have many local services and am in the process of setting up two local domains, namely local1.publick.com and local2.publick.com. I own the domain name publick.com and manage it through Cloudflare.

Local1 is for the Windows domain and is using Active Directory, while local2 is for the Linux domain and is using RHEL IDM.

Now, as I am also exploring Single Sign-On (SSO) with Keycloak and a few other things, I would like to properly set up SSL for all these subdomains. Can I configure two local certificate authorities? One for local1.publick.com and another for local2.publick.com? I would then use these to create certificates for service.local1.publick.com and service.local2.publick.com. Since the AD domain controller and RHEL IDM controller are authoritative for these two domains, can I still integrate two CAs with this setup?

  • Lem453@lemmy.ca · 9 points · 10 months ago

    Do you want to create your own certs? You can use let’s encrypt certs on internal only local subdomains using DNS challenge.

    https://youtu.be/liV3c9m_OX8

    I do this with traefik and authentik and use SSO for both internal and external domains.

    • TCB13@lemmy.world · 5 points · 10 months ago

      I just don't get why one would go over 2343 different pieces of software, containers, portainer, integrations and whatnot when it is as simple as issuing the wildcard certificate for the domain on a public facing machine and then transferring it to the private network.

      • Hexarei · 3 points · 10 months ago

        DNS challenge makes it even easier, since you don’t have to go through the process of transferring it yourself.

        • TCB13@lemmy.world · 1 point · 10 months ago

          Still, it's easier to set that up than what’s described. Even the Certbot tool is able to set it up with a simple command.

          • Hexarei · 2 points · 10 months ago

            Certbot also does DNS challenge, fwiw