[Samba] DCs: TLS question

Stefan G. Weichinger lists at xunil.at
Tue Jan 7 10:34:02 UTC 2025


In a samba-domain at a customer we use the AD-DCs for authenticating 
VPN-users.

I export the ca.pem and cert.pem from /var/lib/samba/private/tls and 
import them in the pfSense we use as VPN gateway.

When the certs are close to expiry I rm the files from that directory 
and let samba recreate all 3 files (CA, key, cert).

Is there a more elegant way of doing that renewal?

IMO the CA could live longer, right?

I assume this leads to openssl-fiddling, rm-ing is somewhat easier to do ;-)

Maybe only rm the cert/key pair?

Any tips welcome.


