[Samba] Question about certificates on Samba AD/DC

Andrew Bartlett abartlet at samba.org
Sun Jun 14 19:46:08 UTC 2020

On Sun, 2020-06-14 at 16:24 -0300, Igor Sousa via samba wrote:
> Hi everyone,
> I have a question about certificates generated on Samba AD/DC deployment.
> After all server configuration, I notice that there are ca.pem, cert.pem
> and key.pem on /usr/local/samba/private/tls directory. I realize the ca.pem
> and cert.pem have 2 years validity. Will Samba AD/DC generate automatically
> new certs before this time over? Or, must I have to generate them manually?

No, they will need be automatically renewed.  

So yes, you need to generate them manually.  

The original intention was that the certificates be replaced by the

However, I think we would accept patches to extend the initial validity
on the autogenerated certificates, given that replacement almost never
happens.  This makes more sense than to renew them, as that would break
software which has the current certificate manually accepted, and
potentially break a manually installed certificate.

Andrew Bartlett

Andrew Bartlett                       https://samba.org/~abartlet/
Authentication Developer, Samba Team  https://samba.org
Samba Developer, Catalyst IT          
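
A check an administrator could schedule given the reply above, added here as an example and not code from the thread or the Samba project: it runs `openssl x509 -checkend` against the `ca.pem` and `cert.pem` in the directory named in the question. The 60-day warning threshold, the function names and the script name are assumptions.

```shell
#!/bin/sh
# Added example (not Samba project code): report how long the AD DC TLS
# certificates remain valid, so manual replacement can be planned.
# TLS_DIR is the directory named in the thread; WARN_DAYS is an assumed threshold.
TLS_DIR="${TLS_DIR:-/usr/local/samba/private/tls}"
WARN_DAYS="${WARN_DAYS:-60}"

# cert_status FILE DAYS
# Prints one of: unreadable, unparsable, expired, expiring, ok.
# Returns 0 only for "ok".
cert_status() {
    cs_file="$1"; cs_days="$2"
    [ -r "$cs_file" ] || { echo "unreadable"; return 4; }
    openssl x509 -in "$cs_file" -noout >/dev/null 2>&1 || { echo "unparsable"; return 3; }
    # -checkend N exits non-zero when the certificate expires within N seconds.
    openssl x509 -in "$cs_file" -noout -checkend 0 >/dev/null 2>&1 || { echo "expired"; return 2; }
    openssl x509 -in "$cs_file" -noout -checkend "$((cs_days * 86400))" >/dev/null 2>&1 \
        || { echo "expiring"; return 1; }
    echo "ok"
}

# check_tls_dir [DIR] [DAYS]
# Checks ca.pem and cert.pem (key.pem has no validity period of its own).
# Prints one line per file and returns non-zero if any file is not "ok".
check_tls_dir() {
    ct_dir="${1:-$TLS_DIR}"; ct_days="${2:-$WARN_DAYS}"; ct_rc=0
    for ct_name in ca.pem cert.pem; do
        ct_path="$ct_dir/$ct_name"
        ct_state=$(cert_status "$ct_path" "$ct_days") || ct_rc=1
        ct_end=$(openssl x509 -in "$ct_path" -noout -enddate 2>/dev/null) || ct_end="notAfter=unknown"
        echo "$ct_path: $ct_state ($ct_end)"
    done
    return "$ct_rc"
}

# Run the check only when asked, e.g. from cron: sh check-samba-tls.sh --check
if [ "${1:-}" = "--check" ]; then
    check_tls_dir
    exit $?
fi
```

The non-zero exit status lets cron or a monitoring agent raise an alert while there is still time to install replacement certificates by hand.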
