[Samba] Auto generated certificates?

Rowland Penny rpenny at samba.org
Tue Nov 8 14:36:06 UTC 2022

On 08/11/2022 08:47, Harald Hannelius via samba wrote:
> I read that Samba creates self-signed certificates for itself when 
> started the first time. These have a lifetime of 700 days. Does this 
> mean that Samba will stop working 700 days after installing it unless I 
> renew these myself manually?
> Are there caveats in using our own self-signed certs with longer 
> lifetimes or even "real" certificates?
> Also, wouldn't it be good if all Samba certificates would have a 
> Alternate Name of "DOMAIN" so when e.g. ldap-clients connect to the 
> domain-address the certificate would match?

The real question is: what are you using the certificates for ?

If it is for ldap searches, then can I suggest you use kerberos instead, 
it is even more secure.


More information about the samba mailing list