[Samba] autogenerated self-signed certificate problem
L.P.H. van Belle
belle at bazuin.nl
Fri Jul 20 14:44:43 UTC 2018
You missing or :
tls cafile = tls/ca.pem
And/or ( showing the Debian steps ), the CA is missing in ca-certifcates.crt
In : /etc/ldap/ldap.conf
Put the root in that folder.
Run : update-ca-certificates
You need to install ca-certificates first.
apt install ca-certificates
Or, add you CA manualy, or replace the line:
Best is use the first or second option.
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Carlos Bordon via samba
> Verzonden: vrijdag 20 juli 2018 16:36
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] autogenerated self-signed certificate problem
> Hi people,
> i have a problem with trying ldaps
> i use autogenerated self-signed certificate, i write in smb this:
> tls enabled = yes
> tls keyfile = tls/key.pem
> tls certfile = tls/cert.pem
> without cafile
> when i try to verify with:
> openssl verify /usr/local/samba/private/tls/myCert.pem
> it said me unable to verify the first certificate
> and if add -CApath works!
> and finally when i try from another dc with
> openssl s_client -showcerts -connect dc1.samdom.example.com:636
> it said me unable to verify the fisrt certificate.
> i need add cafile in smb?
> what is worng?
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba