[cifs-protocol] behavior of windows server on certificate expiration

Matthieu Patou mat at samba.org
Wed Sep 29 17:32:20 MDT 2010


  Hi Bryan,


When receiving a BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID backup key protocol 
request, the server will return a certificate and the product behavior 
note <5> Section 2.2.1 says
"The notBefore field is set to the date and time (as determined by the 
server) at which the RSA
key pair was generated.
The notAfter field is set to exactly 365 days after the date and time in 
the notBefore field.".

As the first key is generated on dcpromo, it will mean that 1 year after 
that, the certificate could be returned with a notAfter that is before 
the current date.

So my question is the following: will Windows server return a new 
certificate if the one that it was about to send is expired? Or will it 
keep sending the same certificate?

Thanks for your future answer.

-- 
Matthieu Patou
Samba Team        http://samba.org


