@giacomo If I drop the following content in a file in /etc/e-smith/events/certificate-update/ and chmod+x it, would that be enough ?
#!/bin/bash
cp -f /etc/pki/tls/certs/localhost.crt /var/lib/machines/nsdc/var/lib/samba/private/tls/cert.pem
cp -f /etc/pki/tls/private/localhost.key /var/lib/machines/nsdc/var/lib/samba/private/tls/key.pem
chmod 600 /var/lib/machines/nsdc/var/lib/samba/private/tls/key.pem
chmod 644 /var/lib/machines/nsdc/var/lib/samba/private/tls/cert.pem
…or is there something else I need to be aware of with these events/actions ? (it seems to work, just not sure if this will survive updates and stuff)