[Samba] DCs: TLS question
Stefan G. Weichinger
lists at xunil.at
Tue Jan 7 10:34:02 UTC 2025

In a samba-domain at a customer we use the AD-DCs for authenticating VPN-users.

I export the ca.pem and cert.pem from /var/lib/samba/private/tls and import them in the pfSense we use as VPN gateway.

When the certs are close to expiry I rm the files from that directory and let samba recreate all 3 files (CA, key, cert).

Is there a more elegant way of doing that renewal?

IMO the CA could live longer, right?

I assume this leads to openssl-fiddling, rm-ing is somewhat easier to do ;-)

Maybe only rm the cert/key pair?

Any tips welcome.
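
Added example, not part of the original post: a read-only sh check that reports whether ca.pem and cert.pem in the directory named above fall inside a warning window before expiry, and prints both notAfter dates side by side so the CA and certificate lifetimes can be compared. The function names and the 30-day window are assumptions; it needs only the openssl CLI.

```shell
#!/bin/sh
# Added example (not from the original post): expiry check for the
# TLS files in /var/lib/samba/private/tls (path from the post).
# key.pem is a private key with no validity period, so it is not checked.

# cert_status FILE DAYS
# Prints one word: ok | expiring | invalid | missing
#   expiring = notAfter falls within DAYS days (or is already past)
cert_status() {
    [ -r "$1" ] || { echo missing; return 0; }
    # Reject files that do not parse as an X.509 certificate.
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || { echo invalid; return 0; }
    # -checkend N exits 0 if the certificate is still valid N seconds from now.
    if openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
    then
        echo ok
    else
        echo expiring
    fi
}

# tls_report DIR DAYS
# Prints "<file> <status> <notAfter>" for ca.pem and cert.pem.
# Returns 0 only if both are "ok", so it can drive cron mail or monitoring.
tls_report() {
    dir=$1
    days=$2
    rc=0
    for name in ca.pem cert.pem; do
        st=$(cert_status "$dir/$name" "$days")
        end=$(openssl x509 -in "$dir/$name" -noout -enddate 2>/dev/null || true)
        printf '%-9s %-9s %s\n' "$name" "$st" "${end#notAfter=}"
        [ "$st" = ok ] || rc=1
    done
    return "$rc"
}

# Usage on a DC (30 days is an assumed warning window):
#   tls_report /var/lib/samba/private/tls 30 || echo "renew and re-import"
```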