[Samba] Problem with intermediate certificate (tls cafile)
James B. Byrne
byrnejb at harte-lyne.ca
Fri Aug 7 12:36:11 UTC 2020
On Thu, August 6, 2020 11:36, MAS Jean-Louis wrote:
> Nobody has any clues about the tls cafile ?
>
> Regards
>
> Le 04/08/2020 à 15:18, MAS Jean-Louis via samba a écrit :
>> I have several samba servers on Debian 10 all using :
>>
>> samba 2:4.9.5+dfsg-5+deb10u1 amd64
>>
>> I use tls cafile, tls certfile and tls keyfile with certificates from
>> Sectigo (https://cert-manager.com)
>>
>> And when checking my connexion from the samba server, or from outside,
>> I've got "unable to verify the first certificate" even if tls_cafile is
>> provided in smb.conf.
>>
>> What is wrong ?
>>
>> # checking my connexion
>>
>> openssl s_client -showcerts -connect localhost:636
>>
>> CONNECTED(00000003)
>> Can't use SSL_get_servername
>> depth=0 C = FR, postalCode = 00000, ST = XXX, L = XXX, O = XXX, OU =
>> XXX, CN = ad-rep2.example.com
>> verify error:num=20:unable to get local issuer certificate
>> verify return:1
>> depth=0 C = FR, postalCode = 00000, ST = XXX, L = XXX, O = XXX, OU =
>> XXX, CN = ad-rep2.example.com
>> verify error:num=21:unable to verify the first certificate
>> verify return:1
>> ...
In my experience this is saying that the remote does not support ssl on that port.
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Unencrypted messages have no legal claim to privacy
Do NOT open attachments nor follow links sent by e-Mail
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
More information about the samba
mailing list