Systems/Services/Samba: Difference between revisions
From Pumping Station One
Amishhammer (talk | contribs) Created page with " == Creating SSL CA and certs == <pre> openssl genrsa -out rootCA.key 2048 openssl req -x509 -new -nodes -key rootCA.key -days 1024 -out rootCA.pem openssl genrsa -out bob.ke..." |
Amishhammer (talk | contribs) No edit summary |
||
| Line 11: | Line 11: | ||
openssl x509 -req -in bob.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out bob.crt -days 500 | openssl x509 -req -in bob.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out bob.crt -days 500 | ||
openssl x509 -req -in dc01.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out dc01.crt -days 500 | openssl x509 -req -in dc01.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out dc01.crt -days 500 | ||
</pre> | |||
== Installing keys == | |||
Copy them into place (bob): | |||
* /var/lib/samba/private/tls/bob.key | |||
* /var/lib/samba/private/tls/bob.crt | |||
* /var/lib/samba/private/tls/rootCA.pem | |||
Tell samba to use them: | |||
<pre> | |||
[global] | |||
tls enabled = yes | |||
tls keyfile = tls/bob.key | |||
tls certfile = tls/bob.crt | |||
tls cafile = tls/rootCA.pem | |||
</pre> | </pre> | ||
Revision as of 21:51, 18 September 2014
Creating SSL CA and certs
openssl genrsa -out rootCA.key 2048 openssl req -x509 -new -nodes -key rootCA.key -days 1024 -out rootCA.pem openssl genrsa -out bob.key 2048 openssl genrsa -out dc01.key 2048 openssl req -new -key bob.key -out bob.csr openssl req -new -key dc01.key -out dc01.csr openssl x509 -req -in bob.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out bob.crt -days 500 openssl x509 -req -in dc01.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out dc01.crt -days 500
Installing keys
Copy them into place (bob):
- /var/lib/samba/private/tls/bob.key
- /var/lib/samba/private/tls/bob.crt
- /var/lib/samba/private/tls/rootCA.pem
Tell samba to use them:
[global] tls enabled = yes tls keyfile = tls/bob.key tls certfile = tls/bob.crt tls cafile = tls/rootCA.pem
