Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: Paul Risbey on March 25, 2002, 10:59:20 AM
-
I would like to know if e-smith or any other linux based program has the ability to operate as a Root Certificate Authority Server and issue certificates that are recognised in a windows domain
-
Being a root CA is completely independent from the Windoze domain model, and the only ones that can operate as a root CA with stock Windoze (or Mac, or just about anything else) are Verisign, Thawte, Equifax, etc. It's a matter of having the appropriate signing key. If you generate a CA certificate and import it into all the machines on your network (the former is easy; the latter may not be depending on how many machines you have), then your SME box can act as a root CA. It's all a matter of whether the client machines recognize the cert.
Unfortunately, SME at this point doesn't come with any decent tools to manage this--I don't know of any that are available, actually, though there must be some somewhere.