[Samba] DCs: Samba CA

Stefan G. Weichinger lists at xunil.at
Thu May 20 07:19:06 UTC 2021

On 18.05.21 at 09:40, Stefan G. Weichinger via samba wrote:
> On 12.05.21 at 16:39, Robert Marcano via samba wrote:
>> I recommend you manage your own CA and replace those files
>> autogenerated by the Samba DC with your CA and certificates signed by it.
>> Depending on your installation size, you will need automation with
>> tools like dogtag (dogtagpki.org) for example, or use smaller
>> graphical tools like XCA
> Thanks for the suggestion.
> I assume Samba does its own housekeeping, though? Never had to maintain 
> these certs etc myself over the years.


I just compared things: I imported /var/lib/samba/private/tls/ca.pem 
into pfsense. No certificate cat-ed together with CA or something.

The ca.pem of one DC has already expired:
# openssl x509 -in ca.pem -text


             Not Before: Feb  1 22:12:06 2019 GMT
             Not After : Jan  1 22:12:06 2021 GMT

Is that ... correct?
