# samba:   TLS certificate generation failed



## Paul-LKW (Mar 10, 2021)

Hi All:
I just installing a new FreeBSD 12.2 with Samba412 and all its dependent but when I finished the provision and issue the command "samba" I find it will terminate automatically, in the LOG file I find;

```
Mar 10 15:39:16 HOME samba[2483]: [2021/03/10 15:39:16.477889,  0] ../../source4/smbd/server.c:631(binary_smbd_main)
Mar 10 15:39:16 HOME samba[2483]:   samba version 4.12.9 started.
Mar 10 15:39:16 HOME samba[2483]:   Copyright Andrew Tridgell and the Samba Team 1992-2020
Mar 10 15:39:16 HOME samba[2484]: [2021/03/10 15:39:16.842132,  0] ../../source4/smbd/server.c:872(binary_smbd_main)
Mar 10 15:39:16 HOME samba[2484]:   binary_smbd_main: samba: using 'prefork' process model
Mar 10 15:39:16 HOME samba[2499]: [2021/03/10 15:39:16.880313,  0] ../../source4/lib/tls/tlscert.c:66(tls_cert_generate)
Mar 10 15:39:16 HOME samba[2499]:   Attempting to autogenerate TLS self-signed keys for https for hostname 'HOME.o.o'
Mar 10 15:39:16 HOME samba[2484]: [2021/03/10 15:39:16.913639,  0] ../../lib/util/become_daemon.c:136(daemon_ready)
Mar 10 15:39:16 HOME samba[2484]:   daemon_ready: daemon 'samba' finished starting up and ready to serve connections
Mar 10 15:39:17 HOME winbindd[2534]: [2021/03/10 15:39:17.524745,  0] ../../source3/winbindd/winbindd_cache.c:3205(initialize_winbindd_cache)
Mar 10 15:39:17 HOME winbindd[2534]:   initialize_winbindd_cache: clearing cache and re-creating with version number 2
Mar 10 15:39:17 HOME winbindd[2534]: [2021/03/10 15:39:17.605094,  0] ../../lib/util/become_daemon.c:136(daemon_ready)
Mar 10 15:39:17 HOME winbindd[2534]:   daemon_ready: daemon 'winbindd' finished starting up and ready to serve connections
Mar 10 15:39:17 HOME samba[2499]: [2021/03/10 15:39:17.694827,  0] ../../source4/lib/tls/tlscert.c:97(tls_cert_generate)
Mar 10 15:39:17 HOME samba[2499]:   TLS gnutls_x509_crt_sign2(cacrt, cacrt, cakey, GNUTLS_DIG_SHA256, 0) - ASN1 parser: Value is not valid.
Mar 10 15:39:17 HOME samba[2499]: [2021/03/10 15:39:17.698813,  0] ../../source4/lib/tls/tlscert.c:156(tls_cert_generate)
Mar 10 15:39:17 HOME samba[2499]:   TLS certificate generation failed
Mar 10 15:39:17 HOME samba[2499]: [2021/03/10 15:39:17.698930,  0] ../../source4/lib/tls/tls_tstream.c:1157(tstream_tls_params_server)
Mar 10 15:39:17 HOME samba[2499]:   TLS failed to initialise cafile /var/db/samba4/private/tls/ca.pem - Error while reading file.
Mar 10 15:39:17 HOME samba[2499]: [2021/03/10 15:39:17.698982,  0] ../../source4/ldap_server/ldap_server.c:1314(ldapsrv_task_init)
Mar 10 15:39:17 HOME samba[2499]:   ldapsrv failed tstream_tls_params_server - NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Mar 10 15:39:17 HOME samba[2499]: [2021/03/10 15:39:17.699009,  0] ../../source4/smbd/service_task.c:36(task_server_terminate)
Mar 10 15:39:17 HOME samba[2499]:   task_server_terminate: task_server_terminate: [Failed to startup ldap server task]
Mar 10 15:39:17 HOME samba[2484]: [2021/03/10 15:39:17.705465,  0] ../../source4/smbd/server.c:378(samba_terminate)
Mar 10 15:39:17 HOME samba[2484]:   samba_terminate: samba_terminate of samba 2484: Failed to startup ldap server task
```
any help or suggestion is appreciated, many thanks.
Paul.LKW


----------



## wilschie (Mar 11, 2021)

I had the same problem. Could not find out what was wrong. My workaround was to generate a self signed certificate manually following the documentation in the Samba Wiki Using a custom self signed certificate.

Best
Willi


----------



## msplsh (Mar 11, 2021)

"ASN1 parser: Value is not valid" probably means a name you chose is "bad."  Just a guess.


----------



## Paul-LKW (Mar 12, 2021)

wischie , Yes tested with this method is worked and thanks for your suggestion and wondering does the pkg package tested by the packager to see does it really work!


----------



## Remy (Mar 16, 2021)

I ran into the same problem and I tracked this back to the libasn1 package. When you switch to the _latest_ package branch, a version of the package in which the bug is fixed, is installed.


----------

