Hi bryan,
When receiving a BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID backup key protocol
request, the server will return a certificate and the product behavior
note <5> Section 2.2.1 says
"The notBefore field is set to the date and time (as determined by the
server) at which the RSA
key pair was generated.
The notAfter field is set to exactly 365 days after the date and time in
the notBefore field.".
As the first key is generated on dcpromo, it will mean that 1 year after
that the certificate could be returned with a notAfter that is before
the current date.
So my question is the following: will Windows server return a new
certificate if the one that it was about to send is expired ? or will it
keep sending the same certificate ?
Thanks for your future answer.
--
Matthieu Patou
Samba Team http://samba.org
_______________________________________________
cifs-protocol mailing list
[email protected]
https://lists.samba.org/mailman/listinfo/cifs-protocol
