{
	pki {
		ca internalca {
			name "Caddy Intermediate CA"
			root {
				cert /etc/caddy/caddy.crt.pem
				key /etc/caddy/caddy.key.pem
				format pem_file
			}
		}
	}
}

https://portainer.corp.example.com {
	reverse_proxy https://pilot.corp.example.com:9443
}
3. The problem I’m having:
I’m simply trying to set up Caddy to use an intermediate CA signed by our AD CS.
The key and cert already exist and are signed.
We are using Caddyfile so far.
And I cannot find any complete documentation about:
how to completely configure Caddy TLS to use a specific keypair
how to automate TLS in Caddyfile and not in JSON
5. What I already tried:
I’ve read what I could, mixing some docs using the JSON format and some others using the Caddyfile one. Documentation related to both formats doesn’t always present the same options…
So my question as someone who started to use Caddy 2 hours ago is: what am I supposed to do to run a pretty classic and simple config for internal use with Caddy having its own Intermediate CA signed by AD CS?
Additional question: how should I add the CA chain? My /etc/caddy/caddy.crt.pem was supposed to be the Caddy CA; actually it creates another intermediate one, created by that intermediate. Why not.
But how can I add here the public key (only) of my Root CA (the AD CS one) to add to the chain?
We might not have covered that use case (i.e. no access to root key). Not sure if that’s even possible with the underlying lib we use (Smallstep). We’ll have to look into that later.