[Samba] autogenerated self-signed certificate problem

L.P.H. van Belle belle at bazuin.nl
Fri Jul 20 14:44:43 UTC 2018

You missing or : 

tls cafile = tls/ca.pem

And/or   ( showing the Debian steps ), the CA is missing in ca-certifcates.crt 
In : /etc/ldap/ldap.conf  
TLS_CACERT      /etc/ssl/certs/ca-certificates.crt

Steps todo. 
mkdir /usr/local/share/ca-certificates/personal-cert
Put the root in that folder.
Run : update-ca-certificates 

You need to install ca-certificates first. 
apt install ca-certificates

Or, add you CA manualy, or replace the line: 
TLS_CACERT      /etc/ssl/certs/YourCA-File. 

Best is use the first or second option. 



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Carlos Bordon via samba
> Verzonden: vrijdag 20 juli 2018 16:36
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] autogenerated self-signed certificate problem
> Hi people,
> i have a problem with trying ldaps
> i use autogenerated self-signed certificate, i write in smb this:
> tls enabled  = yes
> tls keyfile  = tls/key.pem
> tls certfile = tls/cert.pem
> without cafile
> when i try to verify with:
> openssl verify /usr/local/samba/private/tls/myCert.pem
> it said me unable to verify the first certificate
> and if add -CApath works!
> and finally when i try from another dc with
> openssl s_client -showcerts -connect dc1.samdom.example.com:636
> it said me unable to verify the fisrt certificate.
> i need add cafile in smb?
> what is worng?
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list