Hello everyone,
A bit of background on how things are configured: I have many local services and am in the process of setting up two local domains, namely local1.publick.com and local2.publick.com. I own the domain name publick.com and manage it through Cloudflare.
Local1 is for the Windows domain and is using Active Directory, while local2 is for the Linux domain and is using RHEL IDM.
Now, as I am also exploring Single Sign-On (SSO) with Keycloak and a few other things, I would like to properly set up SSL for all these subdomains. Can I configure two local certificate authorities? One for local1.public.com and another for local2.publick.com? I would then use these to create certificates for service.local1.publick.com and service.local2.publick.com. Since the AD domain controller and RHEL IDM controller are authoritative for these two domains, can I still integrate two CAs with this setup?
Do you want to create your own certs? You can use let’s encrypt certs on internal only local subdomains using DNS challenge.
https://youtu.be/liV3c9m_OX8
I do this with traefik and authentik and use SSO for both internal and external domains.
I just get why one would go over 2343 different pieces of software, containers, portainer, integrations and whatnot when it is as simple as issuing the wildcard certificate for the domain on a public facing machine and then transferring it to the private network.
DNS challenge makes it even easier, since you don’t have to go through the process of transferring it yourself
Still easier whats to setup that than what’s described. Even the Certbot tool is able to setup it up with a simple command.
Certbot also does DNS challenge, fwiw