Azure ADCS Connection

docs/integrations/app-connections/azure-adcs.mdx

Connect Infisical to Microsoft Active Directory Certificate Services (ADCS) for automated certificate issuance and management.

Prerequisites

  • Microsoft Active Directory Certificate Services (ADCS) server running and accessible
  • Domain administrator account with certificate management permissions
  • Network connectivity from Infisical to the ADCS server
  • ADCS web enrollment enabled on your server

Connection Setup

<Steps>
<Step title="Navigate to App Connections">
Navigate to the **App Connections** tab on the **Organization Settings** page.

![App Connections Tab](/images/app-connections/general/add-connection.png)
</Step>
<Step title="Add Connection">
Select the **Azure ADCS Connection** option from the connection options modal.

![Select Azure ADCS Connection](/images/app-connections/azure-adcs/azure-adcs-select-connection.png)
</Step>
<Step title="Configure Connection Details">
**Configuration Tab:**
- **Name**: Friendly name for this ADCS connection (e.g., "Production ADCS")
- **ADCS URL**: Your ADCS HTTPS URL (e.g., `https://adcs.yourdomain.com/certsrv`) - only HTTPS is supported
- **Username**: Domain administrator username (format: `DOMAIN\username` or `[email protected]`)
- **Password**: Password for the domain administrator account

**SSL Tab:**
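- **SSL Certificate**: Optional PEM certificate to trust when the ADCS server uses a certificate from a custom CA or a self-signed certificate
- **Reject Unauthorized**: Whether to reject connections when the server's SSL certificate is invalid (keeping this enabled is recommended; when it is disabled, connections are accepted even if the certificate cannot be validated)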

<Note>
**Getting the SSL Certificate**: If your ADCS server uses a self-signed certificate or a certificate from a custom CA, you can obtain the certificate using OpenSSL or PowerShell:

**Using OpenSSL:**
```bash
openssl s_client -connect your-adcs-server:443 -showcerts
```

**Using PowerShell (from inside your ADCS Server):**
```powershell
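# Load the IIS module that provides Get-WebBinding
Import-Module WebAdministration -ErrorAction SilentlyContinue
# Use the first HTTPS binding on port 443
$binding = Get-WebBinding -Protocol https -Port 443 | Select-Object -First 1
if ($binding -and $binding.certificateHash) {
    # Look up the bound certificate by its thumbprint in LocalMachine\My
    $cert = Get-ChildItem -Path "Cert:\LocalMachine\My\$($binding.certificateHash)"
    if ($cert) {
        $certBase64 = [System.Convert]::ToBase64String($cert.RawData)
        # Wrap the Base64 at 64 characters; the replacement is double-quoted so `n is a real newline
        $certBody = ($certBase64 -replace '(.{64})', "`$1`n").TrimEnd()
        $certPem = "-----BEGIN CERTIFICATE-----`n$certBody`n-----END CERTIFICATE-----"
        Write-Output $certPem
    }
}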
```

Copy the certificate content (including `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----` lines) and paste it into the SSL Certificate field.
</Note>

Click **Connect to ADCS** to establish the connection.
![Connect to ADCS](/images/app-connections/azure-adcs/azure-adcs-app-connection-form.png)
![Connect to ADCS - SSL](/images/app-connections/azure-adcs/azure-adcs-app-connection-form-ssl.png)
</Step>
<Step title="Connection Created">
Your **Azure ADCS Connection** is now available for use in your Infisical projects.

![Azure ADCS Connection Created](/images/app-connections/azure-adcs/azure-adcs-app-connection-created.png)
</Step>
</Steps>
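An added example, not part of the Infisical documentation: a certificate fetched with the OpenSSL command in the SSL tab note arrives mixed with handshake text and is only as trustworthy as the connection it came over. This Python sketch pulls the certificates out of a saved `openssl s_client -showcerts` transcript and checks the server certificate against a thumbprint read on the ADCS server itself (the `certificateHash` value in the PowerShell snippet is the SHA-1 thumbprint). All function names and the sample transcript are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def to_pem(der: bytes) -> str:
    """Encode DER bytes as PEM with 64-character lines, ready to paste."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

def extract_certs(transcript: str) -> list:
    """DER bytes of each distinct certificate in the output, server cert first.
    s_client prints the server certificate a second time after the chain,
    so duplicates are dropped while the order is kept."""
    seen, certs = set(), []
    for match in PEM_RE.finditer(transcript):
        der = base64.b64decode("".join(match.group(1).split()), validate=True)
        if der not in seen:
            seen.add(der)
            certs.append(der)
    return certs

def fingerprint(der: bytes, algo: str = "sha256") -> str:
    return hashlib.new(algo, der).hexdigest().upper()

def matches_thumbprint(der: bytes, expected: str) -> bool:
    """Compare with a thumbprint obtained out of band: SHA-1 (40 hex digits)
    or SHA-256 (64 hex digits); colons, spaces and case are ignored."""
    want = re.sub(r"[^0-9A-Fa-f]", "", expected).upper()
    algo = {40: "sha1", 64: "sha256"}.get(len(want))
    return algo is not None and hmac.compare_digest(fingerprint(der, algo), want)

# Constructed sample: placeholder bytes stand in for real DER certificates,
# wrapped in the kind of text s_client -showcerts prints around them.
LEAF_DER = b"constructed-leaf-certificate-" * 12
CA_DER = b"constructed-issuing-ca-" * 12
SAMPLE_TRANSCRIPT = (
    "CONNECTED(00000003)\n---\nCertificate chain\n"
    " 0 s:CN = adcs.example.test\n   i:CN = Example Test CA\n" + to_pem(LEAF_DER)
    + " 1 s:CN = Example Test CA\n   i:CN = Example Test CA\n" + to_pem(CA_DER)
    + "---\nServer certificate\n" + to_pem(LEAF_DER) + "---\n")

if __name__ == "__main__":
    leaf = extract_certs(SAMPLE_TRANSCRIPT)[0]
    print("SHA-1 thumbprint:", fingerprint(leaf, "sha1"))
    print(to_pem(leaf), end="")
```

Paste the PEM into the SSL Certificate field only after `matches_thumbprint` returns `True` for the value read on the server.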