how to get ssl certificate for ldap for MS Active directory

 
Ranch Hand
Posts: 39


I am new to the LDAP / Active Directory environment.

I am trying to connect to LDAP / Active Directory using SSL support.

To connect to LDAP/Active Directory, an SSL certificate is required to establish the connection.

I have been googling, and most of the results say to "create a certificate using Microsoft CA (certificate authority)". Is this the only way to generate a certificate for LDAP/Active Directory?

How can I get an SSL certificate for LDAP / Active Directory? Is there any other way to get the SSL certificate for LDAP/Active Directory?
 
Saloon Keeper
Posts: 14672
330
You can get a certificate from any CA. You can even create a certificate yourself, although you must only use such a certificate for development purposes, not for a live domain controller.

For a production environment, what CA to use kinda depends on who will be accessing the domain controller. For instance, if you only want to use LDAPS within a company intranet, you can set up a CA for your own company, and add its root certificate to the trusted certificates of all systems within your company intranet. Then you request a certificate from your own CA as outlined here. Install the certificate in the domain controller's personal certificate store. Active Directory will now use this certificate to identify itself when accessing it through LDAPS. Systems in your intranet will authenticate the domain controller's identity by verifying that its certificate was issued by your company's CA, which they trust.

If you need more help, you need to give us details like what kind of applications will be using LDAP, whether the domain controller will only be accessible in the intranet, and if so, why you want to secure it.
 
Sarah Jay
Ranch Hand
Posts: 39

Stephan van Hulst wrote: You can get a certificate from any CA. You can even create a certificate yourself, although you must only use such a certificate for development purposes, not for a live domain controller.

For a production environment, what CA to use kinda depends on who will be accessing the domain controller. For instance, if you only want to use LDAPS within a company intranet, you can set up a CA for your own company, and add its root certificate to the trusted certificates of all systems within your company intranet. Then you request a certificate from your own CA as outlined here. Install the certificate in the domain controller's personal certificate store. Active Directory will now use this certificate to identify itself when accessing it through LDAPS. Systems in your intranet will authenticate the domain controller's identity by verifying that its certificate was issued by your company's CA, which they trust.

If you need more help, you need to give us details like what kind of applications will be using LDAP, whether the domain controller will only be accessible in the intranet, and if so, why you want to secure it.



Thanks, Stephan.

I want your help in generating the certificate in a test environment.
I am aware that we can generate it using an OpenSSL command, but I don't have the knowledge of how to create it using OpenSSL. I mean, what is the procedure?
Do we require any tool or app to be installed on our system to generate the SSL certificate?

Thanks for your help...
 
Stephan van Hulst
Saloon Keeper
Posts: 14672
330
Yes. On Windows you can use PowerShell. I think you could use the following command, but I haven't tried it out myself:

Obviously, you need to replace the value of the -DnsName parameter.
Also take a look at these links:

  • How to enable LDAP over SSL with a third-party certification authority
  • New-SelfSignedCertificate
  • Generating self-signed certificates on Windows
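
An added example, not part of the original thread and not the command Stephan posted: one way to create a self-signed LDAPS certificate on a test domain controller with New-SelfSignedCertificate and check that it has what an LDAPS server certificate needs (Personal store of the computer, private key, Server Authentication EKU, the DC's FQDN as a DNS name). The host name, file names and alias are placeholders.

```powershell
# Added example for a TEST environment only (self-signed certificates are not
# for a live domain controller). Run in an elevated session on the test DC.
# Assumes Windows Server 2016 / Windows 10 or later.
$dcFqdn  = 'dc01.corp.example.test'                # placeholder: your DC's FQDN
$cerPath = Join-Path $env:TEMP 'ldaps-test.cer'    # placeholder output path

# 1. Create the key pair and certificate in the computer's Personal store.
$new = New-SelfSignedCertificate `
    -DnsName $dcFqdn `
    -CertStoreLocation 'Cert:\LocalMachine\My' `
    -Type SSLServerAuthentication `
    -KeyAlgorithm RSA -KeyLength 2048 `
    -KeyExportPolicy NonExportable `
    -NotAfter (Get-Date).AddDays(90)

# 2. Re-read it through the certificate provider, which adds the
#    DnsNameList and EnhancedKeyUsageList properties used below.
$cert = Get-Item -Path "Cert:\LocalMachine\My\$($new.Thumbprint)"

# 3. Check the properties an LDAPS server certificate needs.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'
$now = Get-Date
$checks = [ordered]@{
    'Private key present'       = $cert.HasPrivateKey
    'Server Authentication EKU' = $cert.EnhancedKeyUsageList.ObjectId -contains $serverAuthOid
    'DNS name equals DC FQDN'   = $cert.DnsNameList.Unicode -contains $dcFqdn
    'Within validity period'    = ($cert.NotBefore -le $now) -and ($cert.NotAfter -gt $now)
}
$checks.GetEnumerator() | Format-Table -Property Name, Value -AutoSize
if ($checks.Values -contains $false) {
    throw "Certificate $($cert.Thumbprint) does not meet the LDAPS requirements."
}

# 4. Export only the public certificate (no private key) so that test
#    clients can be told to trust it.
Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null
Write-Output "Public certificate written to $cerPath"

# 5. On each TEST client, trust that file, for example:
#    Windows: Import-Certificate -FilePath .\ldaps-test.cer -CertStoreLocation Cert:\LocalMachine\Root
#    Java:    keytool -importcert -alias ldaps-test -file ldaps-test.cer -keystore test-truststore.jks
```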
    Sarah Jay
    Ranch Hand
    Posts: 39

    Stephan van Hulst wrote: Yes. On Windows you can use PowerShell. I think you could use the following command, but I haven't tried it out myself:

    Obviously, you need to replace the value of the -DnsName parameter.
    Also take a look at these links:

  • How to enable LDAP over SSL with a third-party certification authority
  • New-SelfSignedCertificate
  • Generating self-signed certificates on Windows


Thank you so much, Stephan. I will go through all the links you have provided, and if I have any doubts I will post them.
     