LDAPS connection without CA
-
@maxxer just use pfsense to generate the cert and copy/paste the whole chain to your samba server
-
@heper thanks, indeed that could work, but it's making the things from down up. I'd rather find a solution using my own certs/setup
-
@maxxer well it's up to you if you want to make things more difficult than they have to be
enjoy
-
@heper I simply don't want to depend on pfSense to deploy a certificate in Samba or whatever other service
-
@maxxer well that's up to you.
you can set up a CA on any other device, that is not pfsense, to depend upon for your certificate chain then
-
How can pfSense authenticate the server if it doesn't have a CA cert to authenticate it against?
-
What puzzles me, I'm creating a CA following this guide, but pfSense says the cert created is not for a CA but for a simple cert.
The command is:
openssl req -x509 -new -nodes -key myCA.key -sha256 -days 1825 -out myCA.pem
-
@maxxer you did import your created CA on your pfsense device right ?
-
@heper said in LDAPS connection without CA:
@maxxer you did import your created CA on your pfsense device right ?
Yes, when I import in pfSense CA it says:
The submitted certificate does not appear to be a Certificate Authority, import it on the Certificates tab instead.
-
@maxxer then you are doing something wrong ....
I followed your guide to create the CA & copy/pasted it to one of my pfsense devices and it imported just fine.
it doesn't like the private key because pfsense doesn't seem to like encrypted private keys. (lose the -des3)
-
@heper thanks for testing. Shame on me, I was running the commands on macOS and not on Linux. Trying on the latter worked, indeed! Damn mac, how much wasted time on this!! Thanks again
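
An added example, not part of the thread: the openssl req command quoted above names no extensions itself, so whether the result is marked as a CA depends on the local openssl.cnf. Assuming the pfSense import check keys on the X.509 basicConstraints extension (the thread does not say what it checks), this sketch requests CA:TRUE explicitly and verifies it before import; the function names and the CN are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and the CN are hypothetical.

# is_ca_cert FILE: succeeds only if the certificate's basicConstraints
# extension says CA:TRUE. A missing file or missing extension fails.
is_ca_cert() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Basic Constraints' | grep -q 'CA:TRUE'
}

# make_ca KEY OUT: same command as in the thread, but with the CA
# extensions spelled out in a private config instead of relying on
# whatever the platform's default openssl.cnf happens to contain.
make_ca() {
    cfg=$(mktemp) || return 1
    cat > "$cfg" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Lab CA
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
    openssl req -x509 -new -nodes -key "$1" -sha256 -days 1825 \
        -config "$cfg" -out "$2"
    rc=$?
    rm -f "$cfg"
    return "$rc"
}

# Usage: sh check_ca.sh myCA.pem   (script name is hypothetical)
if [ "$#" -ge 1 ]; then
    if is_ca_cert "$1"; then
        echo "$1: marked as a CA certificate"
    else
        echo "$1: NOT marked as a CA certificate"
        exit 1
    fi
fi
```

Running the check on the PEM file before pasting it into the CA import form shows whether the build of openssl in use produced a CA certificate or a plain one.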