I’ve been searching around for a (somewhat) easy way to integrate a PKI with a NethServer AD.
The use case is the following:
- Having one place where I can generate new certificates for people joining an organization (hello new sysadmin on the block, here is your SSH keypair).
- Having one place where those people’s profiles are linked with said certificates.
- Having one place where, if the need arises, I can delete the profile and revoke the certificate, with the publication of a CRL automagically handled for me.
I have given OpenXPKI a good look and I would like to know if there is anything planned/already implemented in NethServer (such as a “working out of the box” OpenXPKI instance that integrates with Samba) and if not, what are everyone’s thoughts on how (or even whether) it should be implemented.