[Samba] SSL certificate in SAMBA4 LDAP?
timvangehugten at gmail.com
Fri May 10 05:32:23 MDT 2013
Today I have looked again at the SSL certs from samba and I got them to
work with intermediate certificates. If you want to do this you need to
have to following:
and last your Global Root CA.pem (Mine intermediate CA is Alphassl so this
Now copy your IntermediateCA.crt to /usr/local/samba/private/tls/ca.pem and
Yourdomain.key to /usr/local/samba/private/tls/key.pem
The part where it went wrong at first time was the cert.pem but to make it
work you have to do the following, create the file
/usr/local/samba/private/tls/cert.pem and put at the beginning of the file
the certificate from Yourdomain.crt followed by the certificate in the file
IntermediateCA.crt and behind this you have to put your rootCA.pem and then
save the file.
Your cert.pem will look like the following:
Certificate of Yourdomain.crt
Certificate of IntermediateCA.crt
Certificate of RootCA.crt in mine case this was GlobalSign_root_CA.pem
Restart samba and you now have your ldap running with a verified
2013/4/27 Michael Wood <esiotrot at gmail.com>
> On 27 April 2013 10:02, Tim Vangehugten <timvangehugten at gmail.com> wrote:
> > I already put them into /usr/local/samba/private/tls and samba had read
> > I just get the error that my CA is untrusted though I got my certificate
> > signed by an intermediate CA. So probably it's somewhere my fault and not
> > related to samba :)
> OK, not sure how it works with intermediate CAs. Maybe you need to
> have both root and intermediate CA certs in ca.pem, but I haven't
> tried it.
> > 2013/4/26 Michael Wood <esiotrot at gmail.com>
> >> On 25 April 2013 15:38, Tim Vangehugten <timvangehugten at gmail.com>
> >> > Hello,
> >> >
> >> > Is it possible to load my signed certificate into samba4 ldap so the
> >> > samba4
> >> > ldap would use it if a client connects to it? And if so, could someone
> >> > provide me with the details on howto do this or point me in the right
> >> > direction?
> >> Yes.
> >> Make sure you have the GnuTLS development libraries installed before
> >> compiling Samba. Then put your CA cert, cert and key in
> >> /usr/local/samba/private/tls. They should be named ca.pem, cert.pem
> >> and key.pem.
> >> I think you'll also need a DH params file.
> >> --
> >> Michael Wood <esiotrot at gmail.com>
> Michael Wood <esiotrot at gmail.com>
More information about the samba