SelfSigned Certs

Hello!
We are using self-signed certs in our environment, so how could I add CA certs to connect Nextcloud to internal resources such as AD and S3?

Nextcloud is installed on k8s via the stable/nextcloud helm chart.

I don’t think it’s a Nextcloud question.

For me it’s more related to the underlying OS.

Or?

So, Nextcloud would use the underlying OS certs? It’s highly app dependent; for example, Java apps use their own cert store, so I’m not sure about PHP.

I don’t see any reason why Nextcloud should have its own CA store. Nevertheless, I never thought about it and really don’t know.

I would launch a test system, delete the AWS certs (sudo dpkg-reconfigure ca-certificates) and try to install Nextcloud with AWS S3 as primary storage.

If Nextcloud uses the OS certs, that shouldn’t work.
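The idea behind the test proposed above, as an added example that is not part of the original thread: a certificate signed by an internal CA verifies only when that CA is in the bundle the client checks against. The CA names, the host name `s3.internal.example` and all file paths are constructed for the demo, and it needs the `openssl` CLI.

```shell
#!/usr/bin/env bash
# Constructed demo: one internal CA, one unrelated CA, and a server
# certificate signed by the internal CA. Nothing here touches the
# system trust store; everything lives in a temporary directory.
set -eu

make_pki() {   # $1 = directory to write keys and certificates into
  # Internal root CA (self-signed), standing in for the company CA.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Example Internal CA" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
  # A second CA that never signed anything, standing in for a
  # trust bundle that lacks the internal CA.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Unrelated CA" \
    -keyout "$1/other.key" -out "$1/other.pem" 2>/dev/null
  # Server key and CSR, then a certificate issued by the internal CA.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=s3.internal.example" \
    -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null
  openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/srv.pem" 2>/dev/null
}

trusts() {     # $1 = CA bundle, $2 = certificate; prints yes or no
  # The system store may also be consulted, but it never contains
  # the CA constructed above, so the bundle decides the outcome.
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
    echo yes
  else
    echo no
  fi
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_pki "$work"
echo "bundle containing the internal CA: $(trusts "$work/ca.pem" "$work/srv.pem")"
echo "bundle without the internal CA:    $(trusts "$work/other.pem" "$work/srv.pem")"
```

Running the same comparison from inside the application's container shows which bundle the application actually reads.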

It depends on your setup, there’s no easy answer. That said, I’d check out wildcard certificates from Let’s Encrypt.

For example, if your internet-facing domain is “darthslider.net”, and you can demonstrate ownership/control of that domain, you can get a CA wildcard certificate for “*.darthslider.net”.

That means that you can now use the certificate internally for domains that aren’t on the internet, such as “ad.darthslider.net” or “s3.darthslider.net”.

This isn’t really a Nextcloud issue, which is why you didn’t get much of a response, but it’s worth trying to get a wildcard certificate from a CA. I use Let’s Encrypt, but you might find auto-renewal via DNS a pain. In that case, it may be worth paying for a wildcard cert that lasts a year.

Hope that helps!