AD Certificate Import confusion

[Grimm Spector]

Hello, i have a WS2016 AD CS/CA and a FreeNAS setup on the same network. I have succesfully gotten the FreeNAS box to join the domain. I wish to use SSL capabilities and encryption with the NAS, so I'd like it to use the ADs Certificate Authority. However, I can find no way to export the CAs public key or certificate information for use in FreeNAS web interface, since FreeNAS lacks the capability to request it electronically. I'm hoping someone knowledgeable with WS might have gone through this and can explain how I can make this work, thanks!

 

[JohnL7]

Have you generated a certificate from your CA with the fqdn for your device? eg. freenas.domain.com

once you generate the cert, you should be able to use that or export it for conversion to a format used by Freenas.

 

[Grimm Spector]

Have you generated a certificate from your CA with the fqdn for your device? eg. freenas.domain.com

once you generate the cert, you should be able to use that or export it for conversion to a format used by Freenas.

Honestly I’m not at that step. Im trying to get the CA setup as a CA for freenas. But unlike old server 2008 the server 2016 CA doesn’t seem to let me export it in this format. Or at least I can’t find how to do it.

 

[JohnL7]

Honestly I’m not at that step. Im trying to get the CA setup as a CA for freenas. But unlike old server 2008 the server 2016 CA doesn’t seem to let me export it in this format. Or at least I can’t find how to do it.

I have never had luck working with Windows certs to have it work properly with any Linux system. There are applications that can convert it for you, just search for "convert X to Y certificate" and you will find a few solid its. Ive had to do this on other systems and run the conversion for my linux systems to take the cert.

 

[Grimm Spector]

I have never had luck working with Windows certs to have it work properly with any Linux system. There are applications that can convert it for you, just search for "convert X to Y certificate" and you will find a few solid its. I've had to do this on other systems and run the conversion for my linux systems to take the cert.

Thanks. Here’s wishing for more open universal standards.

I found if I pull out formats with OpenSSLs package that I can get the requests approval back manually. And I can run the command line version of certmgr in the domain to inject a template name to get the cert issued properly in the first place. Seems to be working ok except that windows still doesn’t by default use SAN so I need to redo them all and manually inject that ... gg MS.