[Samba] [Solved] Problem with intermediate certificate (tls cafile)

L.P.H. van Belle belle at bazuin.nl
Mon Aug 10 09:50:16 UTC 2020


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Rowland penny via samba
> Verzonden: maandag 10 augustus 2020 10:36
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] [Solved] Problem with intermediate 
> certificate (tls cafile)
> On 10/08/2020 08:19, MAS Jean-Louis via samba wrote:
> > By the way, should the Samba's documentation
> > 
> (https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(L
> DAPS)_on_a_Samba_AD_DC#Using_a_trusted_certificate)
> > be modified to explain that particular point ?
> The problem is that I run my own CA for testing purposes and 
> with 'ldap 
> server require strong auth = yes' effectively set in 
> smb.conf, along with:
>          tls keyfile  = tls/myKey.pem
>          tls certfile = tls/myCert.pem
>          tls cafile =
> It works for me ;-)

For now, yes. 

But for future setups, we should use intermediate certificates now also as some browsers will mark the sites as insecure if they dont have intermediates. 
I'm changeing all my certificates at the moment, im adding the intermediates. 

> So the wikipage appears to be correct, as far as it goes.
Yes, its correct, but getting a small bit out-dated. 
Apple, google are making these setups more obligated. (always https and having intermediate certs). 
Cant find the article on the intermediates but its there somewhere. 



More information about the samba mailing list