acme2certifier mswcce with kerberos #316

rastislav-janci-atos · 2026-04-21T15:30:30Z

rastislav-janci-atos
Apr 21, 2026

Hello.
I am trying to configure MSWCCE to get certificate from Microsoft CA. I need to use kerberos auth. Is there any detailed configuration howto or something like that to help me configure it correctly. I have some question - is there any way to hide password from acme_srv.cfg.

Thank you.

Best regards,
Rasto

grindsa · 2026-04-21T17:42:12Z

grindsa
Apr 21, 2026
Maintainer

Hi,

The MSWCCE handler documentation describes how to configure the handler and enable Kerberos authentication. The configuration itself is fairly straightforward; there is also an there is an example from our actual regression testing that you can use as a reference.

It is important that your MSAD domain can be resolved via DNS and that you configure the IP address of your KDC using the domain_controller parameter in acme_srv.cfg.

You can use the `password_variable parameter? in acme_srv.cfg to reference an environment variable containing the password. While I have only tested this in a containerized environment, it should also work in a deb/rpm-based deployment.

Best regards,
G.

1 reply

rastislav-janci-atos May 12, 2026
Author

Thank you. We have working server now. Just a question. Is it possible that acme2certifier is using OS configured kerberos?

Best regards.
Rastislav Janci

grindsa · 2026-05-15T04:04:56Z

grindsa
May 15, 2026
Maintainer

Hi,

can you describe your requirement a bid more in detail. What would be your expectation?

The handler gets configured with the following parameters:

host: 192.168.14.130
user: a2c
password: <whatever>
target_domain: bar.local
domain_controller: 192.168.14.130
ca_name: myca
template: WebSrv
ca_bundle:volume/ca_certs/bar.local.pem
use_kerberos: True

Shall we take target_domain and domain_controller values from krb5.conf?

/G

2 replies

rastislav-janci-atos May 15, 2026
Author

Yes, that is one request but use os configured kerberos system and use kerberos keytab to prevent storing password in system.

Best regards,
Rastislav Janci

grindsa May 16, 2026
Maintainer

Ok thanks. I will put it on the roadmap for an upcoming a2c release.

I am not really a Kerberos expert. Can you give me some guidance how to create and use the keytab via CLI?

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

acme2certifier mswcce with kerberos #316

Uh oh!

{{title}}

Uh oh!

Replies: 2 comments 3 replies

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Uh oh!

acme2certifier mswcce with kerberos #316

Uh oh!

rastislav-janci-atos Apr 21, 2026

Replies: 2 comments · 3 replies

Uh oh!

grindsa Apr 21, 2026 Maintainer

Uh oh!

rastislav-janci-atos May 12, 2026 Author

Uh oh!

grindsa May 15, 2026 Maintainer

Uh oh!

rastislav-janci-atos May 15, 2026 Author

Uh oh!

grindsa May 16, 2026 Maintainer

rastislav-janci-atos
Apr 21, 2026

Replies: 2 comments 3 replies

grindsa
Apr 21, 2026
Maintainer

rastislav-janci-atos May 12, 2026
Author

grindsa
May 15, 2026
Maintainer

rastislav-janci-atos May 15, 2026
Author

grindsa May 16, 2026
Maintainer