[Samba] autogenerated self-signed certificate problem
L.P.H. van Belle
belle at bazuin.nl
Fri Jul 20 14:44:43 UTC 2018
You missing or :
Smb.conf
tls cafile = tls/ca.pem
And/or ( showing the Debian steps ), the CA is missing in ca-certifcates.crt
In : /etc/ldap/ldap.conf
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
Steps todo.
mkdir /usr/local/share/ca-certificates/personal-cert
Put the root in that folder.
Run : update-ca-certificates
You need to install ca-certificates first.
apt install ca-certificates
Or, add you CA manualy, or replace the line:
TLS_CACERT /etc/ssl/certs/YourCA-File.
Best is use the first or second option.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Carlos Bordon via samba
> Verzonden: vrijdag 20 juli 2018 16:36
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] autogenerated self-signed certificate problem
>
> Hi people,
>
> i have a problem with trying ldaps
>
> i use autogenerated self-signed certificate, i write in smb this:
> tls enabled = yes
> tls keyfile = tls/key.pem
> tls certfile = tls/cert.pem
>
> without cafile
>
> when i try to verify with:
>
> openssl verify /usr/local/samba/private/tls/myCert.pem
> it said me unable to verify the first certificate
> and if add -CApath works!
>
> and finally when i try from another dc with
> openssl s_client -showcerts -connect dc1.samdom.example.com:636
> it said me unable to verify the fisrt certificate.
>
> i need add cafile in smb?
> what is worng?
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list