[cifs-protocol] behavior of windows server on certificate expiration
mat at samba.org
Wed Sep 29 17:32:20 MDT 2010
When receiving a BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID backup key protocol
request, the server will return a certificate and the product behavior
note <5> Section 2.2.1 says
"The notBefore field is set to the date and time (as determined by the
server) at which the RSA
key pair was generated.
The notAfter field is set to exactly 365 days after the date and time in
the notBefore field.".
As the first key is generated on dcpromo, it will mean that 1 year after
that the certificate could be returned with a notAfter that is before
the current date.
So my question is the following: will Windows server return a new
certificate if the one that it was about to send is expired ? or will it
keep sending the same certificate ?
Thanks for your future answer.
Samba Team http://samba.org
More information about the cifs-protocol