[Samba] DCs: Samba CA
Stefan G. Weichinger
lists at xunil.at
Thu May 20 07:19:06 UTC 2021
Am 18.05.21 um 09:40 schrieb Stefan G. Weichinger via samba:
> Am 12.05.21 um 16:39 schrieb Robert Marcano via samba:
>> I recommend you manage your own CA and replace those files
>> autogenerated by the Samba DC with yout CA and certificates signed by it.
>> Depending on your instalation size, you will need automation with
>> tools like , dogtag (dogtagpki.org) for example, or use smaller
>> graphical tools like XCA
> Thanks for the suggestion.
> I assume Samba does its own housekeeping, though? Never had to maintain
> these certs etc myself over the years.
I just compared things: I imported /var/lib/samba/private/tls/ca.pem
into pfsense. No certificate cat-ed together with CA or something.
The ca.pem of one DC already has expired:
# openssl x509 -in ca.pem -text
Not Before: Feb 1 22:12:06 2019 GMT
Not After : Jan 1 22:12:06 2021 GMT
Is that ... correct?
More information about the samba