New version of adcs-issuer

[djkormo]

I've decided to renew the code for adcs-issuer. Now it works with cert-manager 1.9.x and fully supports ntlm.

This work is still in progress. Helm chart will be in few next releases.

My repo link:
https://github.com/djkormo/adcs-issuer

Linked to:

#1077

[wallrj]

Thanks. Why are there so many forks of this project? Is there some consensus about which is the official version since Nokia archived the original?

https://github.com/djkormo/adcs-issuer/network/members

I'm glad you're maintaining it, but have you talked to those other maintainers about whether yours should become the official version?

[djkormo]

I forked the most "deep" version and I have made changes to use this plugin with 1.9.1 cert manager. The original version was using the old cert manager API (beta). I haven't so far to talk to other people. The Nokia code is outdated and imposibble to use at this moment. With best regards, Krzysztof Pudłowski czw., 12 sty 2023 o 13:16 Richard Wall ***@***.***> napisał(a):

…

Thanks. Why are there so many forks of this project? Is there some consensus about which is the official version since Nokia archived the original? https://github.com/djkormo/adcs-issuer/network/members [image: image] <https://user-images.githubusercontent.com/978965/212063886-d637f7d4-75d6-4222-9cea-16bc6eb2deab.png> I'm glad you're maintaining it, but have you talked to those other maintainers about whether yours should become the official version? — Reply to this email directly, view it on GitHub <#1132 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AE2CS6KN3UZA2VAUQY5KXTLWR7YYJANCNFSM6AAAAAATBRG7QA> . You are receiving this because you authored the thread.Message ID: ***@***.***>

[wallrj]

@mmlt @SimeonPoot @jimbali @gellner @pearj @dimatha You all have forks of the adcs issuer which are ancestors of @djkormo 's fork . Please weigh in on which version you now consider to be the official / best version.

@CsatariGergely and @chojnack You both contributed to the original Nokia project (AFAICS) so please comment if you have time. Which of the forks you consider to be the official version.

xref

• If you have forked this project and are managing a current working repository, please comment your repo in this issue (so others can find it) nokia/adcs-issuer#14

[CsatariGergely]

Unfortunately we are not maintaining the original project anymore, but honestly I can not and do not want to define the official successor of the original Nokia code. I'm happy to add a note to the README to the original repo to clarify the situation if needed.

[SimeonPoot]

Hi there, at the moment I'm not maintaining any of the adcs-issuer code anymore. Made a few adjustments to make it working for the company I was with at that time, (I think the same goes for mmlt, as we teamed up).

If I need to do something for you guys, lemme know.

Good luck!

[jimbali]

Unfortunately I was never able to complete the work that I needed this for, as I was blocked by another couple of departments for almost a year, and then the company went bust. I no longer have access to an ADCS server.

[pearj]

@djkormo seems to be the most active and keen to keep pushing adcs-issuer forward. I Vote his repo.

[dimatha]

@djkormo seems to be the most active and keen to keep pushing adcs-issuer forward. I Vote his repo.

Agree

Thanks a lot for your work!

[wallrj]

Thanks for all your feedback.

@djkormo Please go ahead and create a PR linking to your fork of the adcs issuer with a note explaining how it is derived from the original Nokia project. Also add a note to the README in your fork explaining the heritage of the project. And thank you! for maintaining it.

[djkormo]

After so many months I prepared documentation at https://djkormo.github.io/adcs-issuer/. Helm chart version of this plugin is now available.

[wallrj]

After so many months I prepared documentation at https://djkormo.github.io/adcs-issuer/. Helm chart version of this plugin is now available.

Great! Open a PR to update https://cert-manager.io/docs/configuration/issuers/ and ping me when you want a review.

• website/content/docs/configuration/issuers.md

  Lines 9 to 29 in 07a6456

  	| Tier | Controller | Docs | Issuer | cert-manager<br/>version used<br/>in tutorial[^1] | Released within<br/>12 months[^2] | Is Open Source |
  	|------|------------|------|--------|--------|--------|--------|
  	| 🥇 | acme-issuer (in-tree) | [📄][config:acme-issuer] | [ACME](https://datatracker.ietf.org/doc/html/rfc8555) | [latest][production:acme-issuer] | [✔️][release:cert-manager] | ✔️ |
  	| 🥇 | venafi-enhanced-issuer | [📄][config:venafi-enhanced-issuer] | [Venafi TLS Protect](https://venafi.com/tls-protect/) | [v1.12.1][production:venafi-enhanced-issuer] | [✔️][release:venafi-enhanced-issuer] | ❌ |
  	| 🥈 | aws-privateca-issuer | [📄][config:aws-privateca-issuer] | [AWS Private Certificate Authority](https://aws.amazon.com/certificate-manager/private-certificate-authority/) | - | [✔️][release:aws-privateca-issuer] | ✔️ |
  	| 🥈 | ca-issuer (in-tree) | [📄][config:ca-issuer] | CA issuer | - | [✔️][release:cert-manager] | ✔️ |
  	| 🥈 | command-issuer | [📄][config:command-issuer] | [Keyfactor Command](https://www.keyfactor.com/products/command/) | - | [✔️][release:command-issuer] | ✔️ |
  	| 🥈 | ejbca-issuer | [📄][config:ejbca-issuer] | [EJBCA](https://www.ejbca.org/) | - | [✔️][release:ejbca-issuer] | ✔️ |
  	| 🥈 | google-cas-issuer | [📄][config:google-cas-issuer] | [Google Cloud Certificate<br/>Authority Service](https://cloud.google.com/certificate-authority-service/) | - | [✔️][release:google-cas-issuer] | ✔️ |
  	| 🥈 | horizon-issuer | [📄][config:horizon-issuer] | [EVERTRUST Horizon](https://evertrust.fr/horizon) | - | [✔️][release:horizon-issuer] | ✔️ |
  	| 🥈 | ncm-issuer | [📄][config:ncm-issuer] | [Nokia Netguard Certificate Manager](https://www.nokia.com/networks/security-portfolio/netguard/certificate-manager) | - | [✔️][release:ncm-issuer] | ✔️ |
  	| 🥈 | selfsigned-issuer (in-tree) | [📄][config:selfsigned-issuer] | Self-Signed issuer | - | [✔️][release:cert-manager] | ✔️ |
  	| 🥈 | step-issuer | [📄][config:step-issuer] | [Certificate Authority server](https://github.com/smallstep/certificates) | - | [✔️][release:step-issuer] | ✔️ |
  	| 🥈 | tcs-issuer | [📄][config:tcs-issuer] | [Intel's SGX technology](https://www.intel.com/content/www/us/en/developer/tools/software-guard-extensions/overview.html) | - | [✔️][release:tcs-issuer] | ✔️ |
  	| 🥈 | vault-issuer (in-tree) | [📄][config:vault-issuer] | [HashiCorp Vault](https://www.vaultproject.io/) | - | [✔️][release:cert-manager] | ✔️ |
  	| 🥈 | venafi-issuer (in-tree) | [📄][config:venafi-issuer] | [Venafi TLS Protect](https://venafi.com/tls-protect/) | - | [✔️][release:cert-manager] | ✔️ |
  	| 🥉 | adcs-issuer | [📄][config:adcs-issuer] | [Microsoft Active Directory<br/>Certificate Service](https://docs.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/install-the-certification-authority) | - | [❌][release:adcs-issuer] | ✔️ |
  	| 🥉 | cfssl-issuer | [📄][config:cfssl-issuer] | [CFSSL](https://github.com/cloudflare/cfssl) | - | [❌][release:cfssl-issuer] | ✔️ |
  	| 🥉 | freeipa-issuer | [📄][config:freeipa-issuer] | [FreeIPA](https://www.freeipa.org) | - | [❌][release:freeipa-issuer] | ✔️ |
  	| 🥉 | kms-issuer | [📄][config:kms-issuer] | [AWS KMS](https://aws.amazon.com/kms/) | - | [❌][release:kms-issuer] | ✔️ |
  	| 🥉 | origin-ca-issuer | [📄][config:origin-ca-issuer] | [Cloudflare Origin CA](https://developers.cloudflare.com/ssl/origin-configuration/origin-ca) | - | [❌][release:origin-ca-issuer] | ✔️ |

[djkormo]

#1369

[inteon]

I think this has been fixed in #1369