[Samba] autogenerated self-signed certificate problem

[Carlos Bordon]

Thanks!

i do it, now, how i can see any change after run update ca?

2018-07-20 11:44 GMT-03:00 L.P.H. van Belle via samba <samba at lists.samba.org
>:

> You missing or :
>
> Smb.conf
> tls cafile = tls/ca.pem
>
> And/or   ( showing the Debian steps ), the CA is missing in
> ca-certifcates.crt
> In : /etc/ldap/ldap.conf
> TLS_CACERT      /etc/ssl/certs/ca-certificates.crt
>
> Steps todo.
> mkdir /usr/local/share/ca-certificates/personal-cert
> Put the root in that folder.
> Run : update-ca-certificates
>
> You need to install ca-certificates first.
> apt install ca-certificates
>
>
> Or, add you CA manualy, or replace the line:
> TLS_CACERT      /etc/ssl/certs/YourCA-File.
>
> Best is use the first or second option.
>
>
> Greetz,
>
> Louis
>
>
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> > Carlos Bordon via samba
> > Verzonden: vrijdag 20 juli 2018 16:36
> > Aan: samba at lists.samba.org
> > Onderwerp: [Samba] autogenerated self-signed certificate problem
> >
> > Hi people,
> >
> > i have a problem with trying ldaps
> >
> > i use autogenerated self-signed certificate, i write in smb this:
> > tls enabled  = yes
> > tls keyfile  = tls/key.pem
> > tls certfile = tls/cert.pem
> >
> > without cafile
> >
> > when i try to verify with:
> >
> > openssl verify /usr/local/samba/private/tls/myCert.pem
> > it said me unable to verify the first certificate
> > and if add -CApath works!
> >
> > and finally when i try from another dc with
> > openssl s_client -showcerts -connect dc1.samdom.example.com:636
> > it said me unable to verify the fisrt certificate.
> >
> > i need add cafile in smb?
> > what is worng?
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
> >
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>