Author Topic: Samba SSL Certificates - Zentyal 5  (Read 257 times)

stefanobr

  • Zen Apprentice
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Samba SSL Certificates - Zentyal 5
« on: July 09, 2020, 02:58:25 am »
Hi all,

An external company did a pen test on our Zentyal servers and found some issues with the samba certificates, namely:
SSL Certificate Signed Using Weak Hashing Algorithm
SSL Medium Strength Cipher Suites Supported (SWEET32)

How would I go about solving this? Do I need to issue new, self signed certificates for samba? Or am I completely off track?

Thank you so much in advance!

Regards,
S~

doncamilo

  • Zen Samurai
  • ****
  • Posts: 417
  • Karma: +125/-1
    • View Profile
Re: Samba SSL Certificates - Zentyal 5
« Reply #1 on: July 14, 2020, 02:58:27 pm »
 :)

Read this: https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC

Prepare your own certificates with the needed options with openssl.

Cheers!
- Do my pigeons bother you passing over your land?
- They block the sun!

G. Guareschi., Don Camillo.,