I've created my SSL certificate through an intermediate and have attached the certificate, key and (chain) CA to the Samba4 config under [General]. Upon restarting Samba though, the LDAP server is no longer functional. This issue only seems to occur when I use my trusted certificate; self-signed certificates work fine.
In smb.conf I have added the following:
tls enabled = yes
tls keyfile = tls/dc1.example.com-key.pem
tls certfile = tls/dc1.example.com-cert.pem
tls cafile = tls/ca-chain-root.pem
When testing it with the following I get an OK response and should be good to go:
openssl verify /usr/local/samba/private/tls/dc1.example.com-cert.pem -CAfile /usr/local/samba/private/tls/ca-chain-root.pem
Once these changes take effect, LDAP stops running; nmap confirms that there is nothing on port 636 now as well, and the test below returns nothing because LDAP is not active:
openssl s_client -showcerts -connect localhost:636 -CAfile /usr/local/samba/private/tls/ca-chain-root.pem
I'm sure I'm missing something simple here; I've correctly generated SSL certificates for the rest of my servers with no issues. Any help would be appreciated.
OpenSSL commands used to generate the certificate:
openssl genrsa -out intermediate/private/dc1.example.com-key.pem 2048
openssl req -config intermediate/openssl.cnf -key intermediate/private/dc1.example.com-key.pem -new -sha256 -out intermediate/csr/dc1.example.com-csr.pem
openssl ca -config intermediate/openssl.cnf -extensions server_cert -days 3750 -notext -md sha256 -in intermediate/csr/dc1.example.com-csr.pem -out intermediate/certs/dc1.example.com-cert.pem
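Added here as a worked example, not part of the original question: a pre-flight script that checks the three files named in the smb.conf above before Samba is restarted, so that a failure to bring up LDAPS can be narrowed to the certificate material or ruled out. It checks that each file is readable, that the private key is not passphrase-protected (a daemon cannot answer a prompt at start-up), that the key actually belongs to the certificate, and that the certificate verifies against the CA bundle with the options placed before the certificate argument, which is the order `openssl verify` expects. It assumes the Samba private directory is `/usr/local/samba/private` (the directory the question's openssl commands point at); the function name `check_samba_tls`, the `PRIVATE_DIR` variable and the `--check` flag are my own.

```shell
#!/bin/sh
# Example pre-flight check for the Samba TLS files (added example, not from the
# original post). PRIVATE_DIR is an assumption: the "tls/" paths in smb.conf are
# relative to Samba's private directory, taken here from the question's paths.
PRIVATE_DIR="${PRIVATE_DIR:-/usr/local/samba/private}"

# check_samba_tls KEYFILE CERTFILE CAFILE
# Returns 0 when every check passes, 1 otherwise; prints each failing check.
check_samba_tls() {
    key="$1"; cert="$2"; ca="$3"; rc=0

    # 1. Every file must exist and be readable by the user running samba.
    for f in "$key" "$cert" "$ca"; do
        if [ ! -r "$f" ]; then
            echo "FAIL: cannot read $f"; rc=1
        fi
    done
    [ "$rc" -eq 0 ] || return 1

    # 2. The private key must not be passphrase-protected: samba cannot
    #    prompt for a passphrase when it starts.
    if grep -q "ENCRYPTED" "$key"; then
        echo "FAIL: $key is passphrase-protected"; rc=1
    fi

    # 3. The key must belong to the certificate: compare the public keys
    #    (both commands print the same SubjectPublicKeyInfo in PEM form).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $cert"; rc=1
    fi

    # 4. The leaf must chain to the CA bundle. Options go before the
    #    certificate argument so they are parsed as options, not as files.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not verify against $ca"; rc=1
    fi

    return "$rc"
}

# Usage: sh samba-tls-check.sh --check
# The real paths are only touched when --check is given, so the file can be
# sourced (for tests or reuse) without side effects.
if [ "${1:-}" = "--check" ]; then
    check_samba_tls "$PRIVATE_DIR/tls/dc1.example.com-key.pem" \
                    "$PRIVATE_DIR/tls/dc1.example.com-cert.pem" \
                    "$PRIVATE_DIR/tls/ca-chain-root.pem" \
        && echo "OK: TLS files look consistent"
fi
```

Run it as the same user Samba runs as (usually root), since check 1 is only meaningful for that user. If all four checks pass, the certificate material is consistent and the reason LDAPS does not come up should be looked for in Samba's own log rather than in the certificates.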