[Samba] Problem with intermediate certificate (tls cafile)
chriscox at endlessnow.com
Thu Aug 6 16:15:03 UTC 2020
On 8/6/20 10:43 AM, Nick Howitt via samba wrote:
> If I were guessing, based on some experience with certificate usage in other
> apps, concatenate your certificate and intermediate certificates into a single
> file which is then your "tls certfile" then point "tls cafile" to your issuers
> proper CA or just to your distro's CA bundle, e.g /etc/pki/tls/certs/ca-bundle.crt.
> On 06/08/2020 16:36, MAS Jean-Louis via samba wrote:
>> Nobody has any clues about the tls cafile ?
>> Le 04/08/2020 à 15:18, MAS Jean-Louis via samba a écrit :
>>> I have several samba servers on Debian 10 all using :
>>> samba 2:4.9.5+dfsg-5+deb10u1 amd64
>>> I use tls cafile, tls certfile and tls keyfile with certificates from
>>> Sectigo (https://cert-manager.com)
>>> And when checking my connexion from the samba server, or from outside,
>>> I've got "unable to verify the first certificate" even if tls_cafile is
>>> provided in smb.conf.
>>> What is wrong ?
>>> # checking my connexion
>>> openssl s_client -showcerts -connect localhost:636
Just a side note. When "checking" a certificate you need to ideally use a valid
name known for the certificate. And "localhost" isn't going to be it.
More information about the samba