Search This Blog

Jan 17, 2012

How to enable LDAP over SSL

It was a long time when I worked in case too similar. It's not so complicate but needs to understand the way to do it and sometimes you can forgot some steps.


Try enable LDAP over SSL thru a Certificate Authority (CA) - Windows Server 2003
The idea is the CA can generate a certificate for another/others servers can used to run LDP application over port: 686

How to do it!?
======= ======

  • Following all steps below from the server where you want run the LDP :

  • Create a new file using notepad and add the information below:

;----------------- request.inf -----------------
Signature="$Windows NT$
Subject = "CN=caserver.mpc.local"        --> Type the CA SERVER with FQDN, example: caserver.mpc.local
KeySpec = 1
KeyLength = 1024
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0


  • From cmd prompt type the following command "certreq -new request.inf request.req"
  • With the notepad open the file request.req and select all info and copy. Check the example:


  • Open the IE or any other browser and access the CA website (http://caserver/certsrv)
  • Select the option "Request a certificate"  and then click "advanced certificate request".
  • After clicking in "Submit ...File" option.
  • Paste the info previous copied in the field 64base.
  • At the same page select in the field "Certificate Template" the option "WEB SERVER"
  • Click in "Submit" .
  • Do the download using the 64base Encoded option and then save as 'certnew.cer'
  • Goes to command prompt until the folder where the file certnew.cert was saved and type the command "certreq -accept certnew.cer"
  • If no one error occur the certificate was validated successfully.
  • The last step . Goes to folder where the certificate was saved and right-button and select the option "Install Certificate"

  • Open the MMC, Certificates, Personal
  • Expand Certificates (Local Computer), expand Personal, and then expand Certificates.
  • A new certificate should exist in the Personal store. In the Certificate Properties dialog box, the intended purpose displayed is Server Authentication. This certificate is issued to the computer's fully qualified host name.
  • Restart the domain controller.

Verifying an LDAPS connection

  • After a certificate is installed, follow these steps to verify that LDAPS is enabled:
  • Start the Active Directory Administration Tool (Ldp.exe).
  • On the Connection menu, click Connect.
  • Type the name of the domain controller to which you want to connect.
  • Type 636 as the port number.
  • Click OK.

  • LDPS OK!

Articles Related

No comments:

Post a Comment