[Samba] DCs: Samba CA
Stefan G. Weichinger
lists at xunil.at
Wed May 12 14:15:17 UTC 2021
At a few customers I run OpenVPN with authentication against the Samba
DCs, the OpenVPN-server runs on a pfsense appliance.
To run this encrypted I had to export the Samba CAs and import them on
the pfsense machine.
Now these CAs are only valid for about two more months and I plan to
renew them on the pfsense.
As far as documented (= remembered ;-)), I took them from:
# ls -l /var/lib/samba/private/tls
insgesamt 12
-rw-r--r-- 1 root root 2074 Aug 29 2019 ca.pem
-rw-r--r-- 1 root root 2078 Aug 29 2019 cert.pem
-rw------- 1 root root 3243 Aug 29 2019 key.pem
As you can see the files in there are ~1.5 yrs old.
My questions:
Does Samba somehow renew them? If yes, how and when? Can I manually
trigger that?
I wrote in a posting:
"imported the samba-AD-CA (ca.pem) as additional CA into pfsense"
Is that correct or do I have to build some chained.pem or something?