James B. Byrne
2020-Aug-07 12:36 UTC
[Samba] Problem with intermediate certificate (tls cafile)
On Thu, August 6, 2020 11:36, MAS Jean-Louis wrote:> Nobody has any clues about the tls cafile ? > > Regards > > Le 04/08/2020 ?? 15:18, MAS Jean-Louis via samba a ??crit??: >> I have several samba servers on Debian 10 all using : >> >> samba 2:4.9.5+dfsg-5+deb10u1 amd64 >> >> I use tls cafile, tls certfile and tls keyfile with certificates from >> Sectigo (https://cert-manager.com) >> >> And when checking my connexion from the samba server, or from outside, >> I've got "unable to verify the first certificate" even if tls_cafile is >> provided in smb.conf. >> >> What is wrong ? >> >> # checking my connexion >> >> openssl s_client -showcerts -connect localhost:636 >> >> CONNECTED(00000003) >> Can't use SSL_get_servername >> depth=0 C = FR, postalCode = 00000, ST = XXX, L = XXX, O = XXX, OU >> XXX, CN = ad-rep2.example.com >> verify error:num=20:unable to get local issuer certificate >> verify return:1 >> depth=0 C = FR, postalCode = 00000, ST = XXX, L = XXX, O = XXX, OU >> XXX, CN = ad-rep2.example.com >> verify error:num=21:unable to verify the first certificate >> verify return:1 >> ...In my experience this is saying that the remote does not support ssl on that port. -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Unencrypted messages have no legal claim to privacy Do NOT open attachments nor follow links sent by e-Mail James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3
Maybe Matching Threads
Wisdom of the Ancients
