Bruno Kammers Ribeiro
2025-Sep-27 17:30 UTC
[Samba] Fwd: One CA Cert for LDAPS - Multiple PDC
Does anyone have experience with LDAPS Samba AD (more than 1 DC)? How to do with ssl ca cert for both dc01 and dc02? On Wiki, the method works with 1 DC, but for 2 DC, not. I read something about SAN (subject alternative names), but don't know to do with openssl. I need only one CA with SAN for use in both DCs.
Matthias Kühne | Ellerhold Aktiengesellschaft
2025-Sep-29 07:48 UTC
[Samba] Fwd: One CA Cert for LDAPS - Multiple PDC
Hello, you can use one CA yes. It does not need any SAN or the like. Use this CA to sign your CSRs in order to create on certificate for each DC. You can use EasyRSA in order to streamline this process. Were using (Hashicorp) Vault-Agent in order to automate this and it works really well. Have a nice day, Matthias. Am 27.09.25 um 19:30 schrieb Bruno Kammers Ribeiro via samba:> Does anyone have experience with LDAPS Samba AD (more than 1 DC)? > > How to do with ssl ca cert for both dc01 and dc02? > > On Wiki, the method works with 1 DC, but for 2 DC, not. > > I read something about SAN (subject alternative names), but don't know to > do with openssl. > > I need only one CA with SAN for use in both DCs.-- Senior Webentwickler Datenschutzbeauftragter Ellerhold Aktiengesellschaft Friedrich-List-Str. 4 01445 Radebeul Telefon: +49 (0) 351 83933-61 Web: www.ellerhold.de Facebook: www.facebook.com/ellerhold.gruppe Instagram: www.instagram.com/ellerhold.gruppe LinkedIn: www.linkedin.com/company/ellerhold-gruppe Amtsgericht Dresden / HRB 23769 Vorstand: Stephan Ellerhold, Maximilian Ellerhold Vorsitzender des Aufsichtsrates: Frank Ellerhold --- Diese E-Mail und Ihre Anlagen enthalten vertrauliche Mitteilungen. Sollten Sie nicht der beabsichtigte Adressat sein, so bitten wir Sie um Mitteilung und um sofortiges l?schen dieser E-Mail und der Anlagen. Unsere Hinweise zum Datenschutz finden Sie hier: https://www.ellerhold.de/datenschutz/ This e-mail and its attachments are privileged and confidential. If you are not the intended recipient, please notify us and immediately delete this e-mail and its attachments. You can find our privacy policy here: https://www.ellerhold.de/datenschutz/