seems like interesting info for the wiki Michael
2013/5/10 Tim Vangehugten <timvangehug...@gmail.com>

> Today I have looked again at the SSL certs from samba and I got them to
> work with intermediate certificates. If you want to do this you need to
> have the following:
>
> IntermediateCA.crt
> Yourdomain.crt
> Yourdomain.key
> and last your Global Root CA.pem (My intermediate CA is Alphassl so this
> was GlobalSign_root_CA.pem)
>
> Now copy your IntermediateCA.crt to /usr/local/samba/private/tls/ca.pem and
> Yourdomain.key to /usr/local/samba/private/tls/key.pem
>
> The part where it went wrong the first time was the cert.pem but to make it
> work you have to do the following, create the file
> /usr/local/samba/private/tls/cert.pem and put at the beginning of the file
> the certificate from Yourdomain.crt followed by the certificate in the file
> IntermediateCA.crt and behind this you have to put your rootCA.pem and then
> save the file.
>
> Your cert.pem will look like the following:
>
> -----BEGIN CERTIFICATE-----
> Certificate of Yourdomain.crt
> -----END CERTIFICATE-----
> -----BEGIN CERTIFICATE-----
> Certificate of IntermediateCA.crt
> -----END CERTIFICATE-----
> -----BEGIN CERTIFICATE-----
> Certificate of RootCA.crt in my case this was GlobalSign_root_CA.pem
> -----END CERTIFICATE-----
>
> Restart samba and you now have your ldap running with a verified
> intermediate certificate.
>
> Best Regards
> Tim Vangehugten
>
> 2013/4/27 Michael Wood <esiot...@gmail.com>
>
> > On 27 April 2013 10:02, Tim Vangehugten <timvangehug...@gmail.com> wrote:
> > > I already put them into /usr/local/samba/private/tls and samba had read them
> > > I just get the error that my CA is untrusted though I got my certificate
> > > signed by an intermediate CA. So probably it's somewhere my fault and not
> > > related to samba :)
> >
> > OK, not sure how it works with intermediate CAs. Maybe you need to
> > have both root and intermediate CA certs in ca.pem, but I haven't
> > tried it.
> >
> > > 2013/4/26 Michael Wood <esiot...@gmail.com>
> > > >
> > > > On 25 April 2013 15:38, Tim Vangehugten <timvangehug...@gmail.com> wrote:
> > > > > Hello,
> > > > >
> > > > > Is it possible to load my signed certificate into samba4 ldap so the
> > > > > samba4 ldap would use it if a client connects to it? And if so, could
> > > > > someone provide me with the details on how to do this or point me in
> > > > > the right direction?
> > > >
> > > > Yes.
> > > >
> > > > Make sure you have the GnuTLS development libraries installed before
> > > > compiling Samba. Then put your CA cert, cert and key in
> > > > /usr/local/samba/private/tls. They should be named ca.pem, cert.pem
> > > > and key.pem.
> > > >
> > > > I think you'll also need a DH params file.
> > > >
> > > > --
> > > > Michael Wood <esiot...@gmail.com>
> >
> > --
> > Michael Wood <esiot...@gmail.com>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

--
Michael De Groote
ICT-coordinator Sint-Pietersschool Korbeek-Lo
ICT-support Sancta Maria Basisschool Leuven
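
An added example, not part of the original thread or of Samba: a standard-library check that a cert.pem bundle is in the order described above (Yourdomain certificate, then intermediate, then root) by comparing each certificate's issuer with the next certificate's subject. The function names are hypothetical, the sample certificates are constructed name-only skeletons, names are compared byte for byte, and no signature is verified.

```python
import base64, re

PEM = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def tlv(buf, off):
    """Return (tag, value_start, value_end) for the DER element at off."""
    tag, n, start = buf[off], buf[off + 1], off + 2
    if n < 0x80:                           # short form: n is the length
        return tag, start, start + n
    n &= 0x7F                              # long form: n length bytes follow
    return tag, start + n, start + n + int.from_bytes(buf[start:start + n], "big")

def issuer_subject(der):
    """Raw DER issuer and subject Names of one X.509 certificate."""
    _, off, _ = tlv(der, 0)                # Certificate SEQUENCE
    _, off, end = tlv(der, off)            # tbsCertificate SEQUENCE
    fields = []                            # serial, sigAlg, issuer, validity, subject
    while off < end and len(fields) < 5:
        tag, _, nxt = tlv(der, off)
        if tag != 0xA0:                    # skip the optional [0] version
            fields.append(der[off:nxt])
        off = nxt
    return fields[2], fields[4]

def check_bundle(pem_text):
    """List ordering problems in a cert.pem; [] means leaf -> intermediate -> root."""
    names = [issuer_subject(base64.b64decode(b)) for b in PEM.findall(pem_text)]
    problems = [] if len(names) >= 2 else ["fewer than two certificates in bundle"]
    for i in range(len(names) - 1):        # each issuer must be the next subject
        if names[i][0] != names[i + 1][1]:
            problems.append(f"certificate {i + 1} is not issued by certificate {i + 2}")
    if names and names[-1][0] != names[-1][1]:
        problems.append("last certificate is not self-issued, so no root at the end")
    return problems

# Constructed skeleton certificates (names only, no keys or signatures) as sample input.
def _der(tag, body):
    return bytes([tag, len(body)]) + body
def _name(cn):
    return _der(0x30, _der(0x31, _der(0x30, _der(0x06, b"\x55\x04\x03") + _der(0x0C, cn.encode()))))
def sample_pem(issuer, subject):
    tbs = _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01") + _der(0x30, b"") \
        + _name(issuer) + _der(0x30, b"") + _name(subject)
    b64 = base64.encodebytes(_der(0x30, _der(0x30, tbs))).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}-----END CERTIFICATE-----\n"

LEAF = sample_pem("Intermediate CA", "yourdomain.example")
INTERMEDIATE = sample_pem("Root CA", "Intermediate CA")
ROOT = sample_pem("Root CA", "Root CA")
print(check_bundle(LEAF + INTERMEDIATE + ROOT), check_bundle(INTERMEDIATE + LEAF + ROOT))
```

To check a real file, pass its contents: `check_bundle(open("/usr/local/samba/private/tls/cert.pem").read())`.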