[Samba] Auto generated certificates?
Rowland Penny
rpenny at samba.org
Tue Nov 8 14:36:06 UTC 2022
On 08/11/2022 08:47, Harald Hannelius via samba wrote:
>
> I read that Samba creates self-signed certificates for itself when
> started the first time. These have a lifetime of 700 days. Does this
> mean that Samba will stop working 700 days after installing it unless I
> renew these myself manually?
>
> Are there caveats in using our own self-signed certs with longer
> lifetimes or even "real" certificates?
>
> Also, wouldn't it be good if all Samba certificates would have a
> Alternate Name of "DOMAIN" so when e.g. ldap-clients connect to the
> domain-address the certificate would match?
>
>
The real question is: what are you using the certificates for ?
If it is for ldap searches, then can I suggest you use kerberos instead,
it is even more secure.
Rowland
More information about the samba
mailing list