Difference between revisions of "Systems/Services/Samba"
Jump to navigation
Jump to search
Amishhammer (talk | contribs) (Created page with " == Creating SSL CA and certs == <pre> openssl genrsa -out rootCA.key 2048 openssl req -x509 -new -nodes -key rootCA.key -days 1024 -out rootCA.pem openssl genrsa -out bob.ke...") |
Amishhammer (talk | contribs) |
||
Line 11: | Line 11: | ||
openssl x509 -req -in bob.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out bob.crt -days 500 | openssl x509 -req -in bob.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out bob.crt -days 500 | ||
openssl x509 -req -in dc01.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out dc01.crt -days 500 | openssl x509 -req -in dc01.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out dc01.crt -days 500 | ||
+ | </pre> | ||
+ | |||
+ | |||
+ | == Installing keys == | ||
+ | |||
+ | Copy them into place (bob): | ||
+ | |||
+ | * /var/lib/samba/private/tls/bob.key | ||
+ | * /var/lib/samba/private/tls/bob.crt | ||
+ | * /var/lib/samba/private/tls/rootCA.pem | ||
+ | |||
+ | Tell samba to use them: | ||
+ | |||
+ | <pre> | ||
+ | [global] | ||
+ | tls enabled = yes | ||
+ | tls keyfile = tls/bob.key | ||
+ | tls certfile = tls/bob.crt | ||
+ | tls cafile = tls/rootCA.pem | ||
</pre> | </pre> |
Revision as of 03:51, 19 September 2014
Creating SSL CA and certs
openssl genrsa -out rootCA.key 2048 openssl req -x509 -new -nodes -key rootCA.key -days 1024 -out rootCA.pem openssl genrsa -out bob.key 2048 openssl genrsa -out dc01.key 2048 openssl req -new -key bob.key -out bob.csr openssl req -new -key dc01.key -out dc01.csr openssl x509 -req -in bob.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out bob.crt -days 500 openssl x509 -req -in dc01.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out dc01.crt -days 500
Installing keys
Copy them into place (bob):
- /var/lib/samba/private/tls/bob.key
- /var/lib/samba/private/tls/bob.crt
- /var/lib/samba/private/tls/rootCA.pem
Tell samba to use them:
[global] tls enabled = yes tls keyfile = tls/bob.key tls certfile = tls/bob.crt tls cafile = tls/rootCA.pem