[Samba] DCs: Samba CA
klou at themusiclink.net
Thu May 20 17:03:12 UTC 2021
> The ca.pem of one DC already has expired:
> # openssl x509 -in ca.pem -text
> Not Before: Feb 1 22:12:06 2019 GMT
> Not After : Jan 1 22:12:06 2021 GMT
> Is that ... correct?
By default, Samba DC self-signed certificates have a 700-day lifespan.
Have you seen
You'll have to either renew the self-signed cert via Samba (haven't tried
it, backup/delete certs and restart samba:
https://lists.samba.org/archive/samba/2017-February/206748.html), or manage
the certs separately.
Either way, you'll have new files in /var/lib/samba/private/tls and will
have to distribute accordingly.
More information about the samba