On 12.05.21 at 16:39, Robert Marcano via samba wrote:
> I recommend you manage your own CA and replace those files autogenerated
> by the Samba DC with your CA and certificates signed by it.
>
> Depending on your installation size, you will need automation with tools
> like , dogtag (dogtagpki.org) for example, or use smaller graphical
> tools like XCA

Thanks for the suggestion.

I assume Samba does its own housekeeping, though? Never had to maintain these certs etc myself over the years.

On 18.05.21 at 09:40, Stefan G. Weichinger via samba wrote:
> On 12.05.21 at 16:39, Robert Marcano via samba wrote:
>
>> I recommend you manage your own CA and replace those files
>> autogenerated by the Samba DC with your CA and certificates signed by it.
>>
>> Depending on your installation size, you will need automation with
>> tools like , dogtag (dogtagpki.org) for example, or use smaller
>> graphical tools like XCA
>
> Thanks for the suggestion.
>
> I assume Samba does its own housekeeping, though? Never had to maintain
> these certs etc myself over the years.

Anyone?

I just compared things:

I imported /var/lib/samba/private/tls/ca.pem into pfsense. No certificate cat-ed together with CA or something.

The ca.pem of one DC already has expired:

    # openssl x509 -in ca.pem -text
    [..]
            Validity
                Not Before: Feb  1 22:12:06 2019 GMT
                Not After : Jan  1 22:12:06 2021 GMT

Is that ... correct?
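
The expiry check from the message above, turned into a repeatable check over the DC's TLS directory. This is an added example, not part of the original thread and not Samba's own tooling. It assumes `openssl` is on the PATH and that the server certificate sits beside ca.pem as cert.pem (Samba's default `tls certfile` name); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report the expiry state of the certificates in a Samba TLS directory.

# cert_status FILE [WARN_DAYS] -> prints: expired | expiring | ok | unreadable
cert_status() {
    file=$1
    warn_secs=$(( ${2:-30} * 86400 ))
    # Not a parseable X.509 certificate (missing file, private key, ...)
    openssl x509 -in "$file" -noout >/dev/null 2>&1 || { echo unreadable; return; }
    # -checkend N exits non-zero if the certificate expires within N seconds
    if ! openssl x509 -in "$file" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -in "$file" -noout -checkend "$warn_secs" >/dev/null 2>&1; then
        echo expiring
    else
        echo ok
    fi
}

# check_tls_dir DIR [WARN_DAYS] -> one report line per certificate;
# returns 1 if any certificate is expired, expiring or unreadable.
check_tls_dir() {
    dir=$1
    warn_days=${2:-30}
    rc=0
    # ca.pem is the file named in the post; cert.pem is an assumed default name.
    for name in ca.pem cert.pem; do
        f="$dir/$name"
        [ -e "$f" ] || continue
        state=$(cert_status "$f" "$warn_days")
        end=$(openssl x509 -in "$f" -noout -enddate 2>/dev/null) || end=
        printf '%s: %s (%s)\n' "$f" "$state" "${end:-no notAfter}"
        [ "$state" = ok ] || rc=1
    done
    return $rc
}

# Usage on a DC (path taken from the post above):
#   check_tls_dir /var/lib/samba/private/tls 30
```

Run from cron or a monitoring check, the non-zero return flags a CA or server certificate before clients such as the pfsense box start rejecting it.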