[Samba] DCs: Samba CA

Stefan G. Weichinger lists at xunil.at
Thu May 20 07:19:06 UTC 2021


On 18.05.21 at 09:40, Stefan G. Weichinger via samba wrote:
> On 12.05.21 at 16:39, Robert Marcano via samba wrote:
> 
>> I recommend you manage your own CA and replace those files
>> autogenerated by the Samba DC with your CA and certificates signed by it.
>>
>> Depending on your installation size, you will need automation with
>> tools like dogtag (dogtagpki.org), for example, or use smaller
>> graphical tools like XCA
> 
> Thanks for the suggestion.
> 
> I assume Samba does its own housekeeping, though? Never had to maintain 
> these certs etc myself over the years.

Anyone?

I just compared things: I imported /var/lib/samba/private/tls/ca.pem 
into pfsense. No certificate cat-ed together with CA or something.

The ca.pem of one DC already has expired:
# openssl x509 -in ca.pem -text

[..]

         Validity
             Not Before: Feb  1 22:12:06 2019 GMT
             Not After : Jan  1 22:12:06 2021 GMT

Is that ... correct?




