

- Exchanges application data in the first round trip (0-RTT).
- Improved congestion control and loss recovery.
- Survives a change in the client's IP address or port.

SMB over QUIC offers an "SMB VPN" for telecommuters, mobile device users, and high security organizations. The server certificate creates a TLS 1.3-encrypted tunnel over the internet-friendly UDP port 443 instead of the legacy TCP port 445. All SMB traffic, including authentication and authorization within the tunnel, is never exposed to the underlying network. SMB behaves normally within the QUIC tunnel, meaning the user experience doesn't change. SMB features like multichannel, signing, compression, continuous availability, directory leasing, and so on, work normally.

A file server administrator must opt in to enabling SMB over QUIC. It isn't on by default and a client can't force a file server to enable SMB over QUIC. Windows SMB clients still use TCP by default and will only attempt SMB over QUIC if the TCP attempt first fails or if intentionally requiring QUIC using NET USE /TRANSPORT:QUIC or New-SmbMapping -TransportType QUIC.

To use SMB over QUIC, you need the following things:

- A file server running Windows Server 2022 Datacenter: Azure Edition (Microsoft Server Operating Systems).
- A Windows 11 computer (Windows for business).
- A Public Key Infrastructure to issue certificates like Active Directory Certificate Server or access to a trusted third party certificate issuer like Verisign, Digicert, Let's Encrypt, and so on.

Deploy SMB over QUIC

Step 1: Install a server certificate

Create a Certificate Authority-issued certificate with the following properties:

- Signature algorithm: SHA256RSA (or greater).
- Public key algorithm: ECDSA_P256 (or greater. Can also use RSA with at least 2048 length).
- Subject Alternative Name (SAN): (A DNS name entry for each fully qualified DNS name used to reach the SMB server).
- Subject: (CN= anything, but must exist).

If using a Microsoft Enterprise Certificate Authority, you can create a certificate template and allow the file server administrator to supply the DNS names when requesting it. For more information on creating a certificate template, review Designing and Implementing a PKI: Part III Certificate Templates.

If you're using a certificate file issued by a third party certificate authority, you can use the Certificates snap-in or Windows Admin Center to import it.
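The certificate properties listed under Step 1 can be checked against an installed certificate before it is used for SMB over QUIC. The following PowerShell is an added example, not code from the original page; the function name Test-SmbQuicCertificate and the server name fs1.contoso.com are hypothetical, and the SAN parsing assumes an English-language Windows installation.

```powershell
# Added example: check a certificate against the Step 1 property list.
# The function name and the sample DNS name are hypothetical.
function Test-SmbQuicCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)]
        [string[]]$DnsName    # every FQDN clients use to reach the SMB server
    )
    $problems = @()

    # Subject: any CN is acceptable, but the field must exist.
    if ([string]::IsNullOrWhiteSpace($Certificate.Subject)) {
        $problems += 'Subject is empty'
    }

    # Signature algorithm: SHA256RSA or greater, so reject MD5 and SHA-1.
    $sig = $Certificate.SignatureAlgorithm.FriendlyName
    if ($sig -match 'md5|sha1') { $problems += "Weak signature algorithm: $sig" }

    # Public key: ECDSA_P256 or greater, or RSA with at least 2048 bits.
    # Each helper returns $null when the certificate holds the other key type.
    $rsa   = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($Certificate)
    $ecdsa = [System.Security.Cryptography.X509Certificates.ECDsaCertificateExtensions]::GetECDsaPublicKey($Certificate)
    if ($rsa) {
        if ($rsa.KeySize -lt 2048) { $problems += "RSA key is only $($rsa.KeySize) bits" }
    } elseif ($ecdsa) {
        if ($ecdsa.KeySize -lt 256) { $problems += "ECDSA key is only $($ecdsa.KeySize) bits" }
    } else {
        $problems += 'Public key is neither RSA nor ECDSA'
    }

    # SAN (OID 2.5.29.17): one DNS entry per FQDN. Format() output is localized;
    # the 'DNS Name=' label is an assumption that holds on English Windows.
    $san     = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sanText = if ($san) { $san.Format($true) } else { '' }
    foreach ($name in $DnsName) {
        if ($sanText -notmatch "(?im)^DNS Name=$([regex]::Escape($name))\s*$") {
            $problems += "SAN has no DNS entry for $name"
        }
    }
    $problems    # empty output means every check passed
}

# Report on each certificate in the computer store for one constructed server name.
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $found = Test-SmbQuicCertificate -Certificate $_ -DnsName 'fs1.contoso.com'
    [pscustomobject]@{ Thumbprint = $_.Thumbprint; Problems = $found -join '; ' }
}
```

An empty Problems column means the certificate meets the listed subject, signature, key, and SAN requirements for the names passed in.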

