[Samba] DCs: Samba CA
Kris Lou
klou at themusiclink.net
Thu May 20 17:03:12 UTC 2021
>
> The ca.pem of one DC already has expired:
> # openssl x509 -in ca.pem -text
>
> [..]
>
> Validity
> Not Before: Feb 1 22:12:06 2019 GMT
> Not After : Jan 1 22:12:06 2021 GMT
>
> Is that ... correct?
>
By default, Samba DC self-signed certificates have a 700-day lifespan.
Have you seen
https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC
?
You'll have to either renew the self-signed cert via Samba (haven't tried
it; back up/delete certs and restart Samba:
https://lists.samba.org/archive/samba/2017-February/206748.html), or manage
the certs separately.
Either way, you'll have new files in /var/lib/samba/private/tls and will
have to distribute accordingly.
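
An added example, not part of the original message or Samba's own tooling: a shell check that reports the expiry state of every PEM certificate in the TLS directory named above, so an expired or soon-to-expire ca.pem is noticed on each DC. The function names and the 30-day default warning window are assumptions.

```shell
#!/bin/sh
# Added example: flag expired / soon-to-expire certificates in a Samba DC TLS directory.
# Assumed names: cert_status, check_tls_dir. Assumed default warning window: 30 days.

# cert_status FILE DAYS
# Prints "expired", "expiring" (within DAYS) or "ok".
# Returns 2 when FILE is not a parseable X.509 certificate (e.g. a private key).
cert_status() {
    file=$1
    days=$2
    openssl x509 -in "$file" -noout >/dev/null 2>&1 || return 2
    if ! openssl x509 -in "$file" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -in "$file" -noout \
            -checkend $((days * 86400)) >/dev/null 2>&1; then
        echo expiring
    else
        echo ok
    fi
}

# check_tls_dir DIR DAYS
# Prints one status line per certificate in DIR.
# Returns 1 if any certificate is expired or expiring, 0 otherwise.
check_tls_dir() {
    dir=$1
    days=$2
    rc=0
    for f in "$dir"/*.pem; do
        [ -f "$f" ] || continue
        # Skip key files and anything else that is not a certificate.
        status=$(cert_status "$f" "$days") || continue
        end=$(openssl x509 -in "$f" -noout -enddate | cut -d= -f2)
        printf '%-9s %s (notAfter: %s)\n' "$status" "$f" "$end"
        [ "$status" = ok ] || rc=1
    done
    return $rc
}

# Run only when a directory is passed, e.g.:
#   sh check_samba_tls.sh /var/lib/samba/private/tls 30
if [ "$#" -gt 0 ]; then
    check_tls_dir "$1" "${2:-30}"
fi
```

The non-zero exit status on an expired or expiring certificate makes the script usable from cron or a monitoring agent on each DC.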