Secure MS AD sync with AD domain name company.local
The coyo cloud secure Active Directory sync with a certificate only works with an Active Directory named like "company.com".
Most customers have an Active Directory named like "company.local".
The external hostname and certificate, e.g. "server.company.com", do not match the internal "server.company.local", so the AD sync fails.
Please provide a white paper describing a solution.
I can't really think of a solution that does not have a security impact. Since .local domains do not "belong" to anyone, we won't be able to say for sure that a source is trustworthy.
Our recommendation is to obtain a certificate for the customer's domain (self-signed certificates would also be an option), because this is the only way that guarantees security.
Stefan Schneider commented
This security concern is wrong as long as the customer is using an Enterprise CA to create the Domain Controller certificates.
This would work without compromising security if there was an option to add the Enterprise CA's root certificate to the trusted CAs on the coyo server.
Loading the additional certificate on container start may be a viable option.
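As an added illustration of the point made in this thread (example code, not code from the thread or from coyo), this Go program uses only the standard library to construct a hypothetical Enterprise root CA and a domain-controller certificate for the constructed name dc1.company.local, then verifies it the way a client with that root loaded into its trust store should: the chain must end at the explicitly trusted root and a SAN must match the host actually connected to. The .local suffix itself is never what decides the check; the trust anchor and the hostname match are.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// newCert issues a constructed demo certificate for cn with the given SANs;
// parent == nil makes it self-signed (a CA root), otherwise parent/parentKey sign it.
func newCert(cn string, sans []string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn},
		DNSNames:              sans, // hostname checks use SANs, not the CN
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// verifyLDAPS checks a DC certificate against one explicitly trusted root (the
// Enterprise CA added to the trust store) and requires a SAN matching host.
func verifyLDAPS(leaf, root *x509.Certificate, host string) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err
}

// Scenarios runs the three cases from the thread with constructed certificates:
// trusted Enterprise root + correct .local host, wrong host, and an unrelated root.
func Scenarios() (trustedOK, wrongHost, untrustedCA error) {
	entCA, entKey := newCert("Company Enterprise Root CA", nil, true, nil, nil)
	otherCA, _ := newCert("Unrelated CA", nil, true, nil, nil)
	dc, _ := newCert("dc1.company.local", []string{"dc1.company.local"}, false, entCA, entKey)
	trustedOK = verifyLDAPS(dc, entCA, "dc1.company.local")   // nil: accepted
	wrongHost = verifyLDAPS(dc, entCA, "dc1.company.com")     // hostname mismatch
	untrustedCA = verifyLDAPS(dc, otherCA, "dc1.company.local") // unknown authority
	return
}
```

Only the first scenario succeeds: loading the Enterprise root is what makes the .local certificate trustworthy, while a name mismatch or a root the client does not hold is still rejected.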