fertigj asked:

Configure LDAPS on 2003 Active Directory

Hello,

I currently have 4 Windows 2003 domain controllers running that I would like to configure LDAPS on. I have a number of application servers (Unix/Windows boxes) that can use this for authentication. I have been doing a bit of reading on this on Microsoft's site and have found the information a bit confusing. From what I gather, it looks like I have three options:

1. I can set up a Microsoft certificate authority and proceed down that road (although that looks rather confusing).
2. I can go to each domain controller, generate a cert request and get a provider like VeriSign to issue a cert for each domain controller.
3. Set up an OpenSSL certificate authority.

The option that looks best at the moment is #2. This assumes that it will actually work, and also that LDAPS turns on once a cert has been imported to each domain controller. Any information and advice on how to do this would be greatly appreciated. Thank you.

Netman66:

It seems pretty straightforward:

http://support.microsoft.com/kb/321051

Why do you require LDAPS?  

fertigj (asker):

The reason that I would like to set up LDAPS is to secure communication between a few app servers and our domain controllers. The app servers are using AD for authentication, and the traffic is sent in the clear between the servers at the moment.
I understand how to generate the request for the cert and how to add it once I receive an actual cert. My question is: what is the best way to generate the cert? Do I use the Microsoft Cert Authority, OpenSSL, or a third-party company such as VeriSign? I understand there is a cost difference between these; aside from that, are there any advantages/disadvantages that I should look out for?
ASKER CERTIFIED SOLUTION
Netman66:

We used a self-signed wildcard cert using Microsoft's SelfSSL tool for IIS. Installed it WITH the private key on each server and LDAP SSL worked instantly. Our apps that require LDAPS work well with it too.
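As an added example (not from the thread, and not Microsoft's or the poster's tooling), this is the check I would run from one of the Unix app servers once a certificate is on a DC. The DC name and the CA file path are hypothetical placeholders. It makes a verifying TLS connection to port 636, checks the chain and the hostname, then hand-encodes an anonymous LDAPv3 bind so you can watch a BindResponse come back; a TLS handshake alone does not prove LDAP is actually being served behind it. Whichever CA you pick, the point of LDAPS is that the app servers verify the DC's certificate: if they cannot build a chain to it (for instance a self-signed certificate that was never distributed to them), they either refuse to connect or get configured to skip validation, and the second choice leaves an attacker on the path free to impersonate the DC and collect the bind credentials.

```python
"""Client-side LDAPS check: verify the DC certificate, then do an anonymous bind.

Added example, not from the original thread. The host and CA file are assumptions.
"""
import socket
import ssl

# Constructed/hypothetical values: the DC under test and a PEM file holding what
# the app servers are meant to trust (your CA, or the self-signed server
# certificate itself if you went the SelfSSL route).
DC_FQDN = "dc1.example.com"
CA_FILE = "ad-ldaps-trust.pem"


def ber_len(n):
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber_tlv(tag, value):
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(value)) + value


def build_bind_request(msg_id=1):
    """Anonymous LDAPv3 BindRequest (RFC 4511 section 4.2) as raw BER."""
    bind = (ber_tlv(0x02, b"\x03")      # version INTEGER 3
            + ber_tlv(0x04, b"")        # name: empty DN, i.e. anonymous
            + ber_tlv(0x80, b""))       # authentication [0] simple, empty password
    msg = ber_tlv(0x02, bytes([msg_id])) + ber_tlv(0x60, bind)  # [APPLICATION 0]
    return ber_tlv(0x30, msg)           # LDAPMessage SEQUENCE


def read_tlv(buf, pos=0):
    """Decode one BER element at pos; return (tag, value, next position)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                    # long-form length
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def parse_bind_response(data):
    """Return (messageID, resultCode, diagnosticMessage) from a BindResponse."""
    tag, msg, _ = read_tlv(data)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = read_tlv(msg)
    tag, resp, _ = read_tlv(msg, pos)
    if tag != 0x61:                     # [APPLICATION 1] BindResponse
        raise ValueError("expected BindResponse, got tag 0x%02x" % tag)
    _, code, pos = read_tlv(resp)       # resultCode ENUMERATED (0 = success)
    _, _, pos = read_tlv(resp, pos)     # matchedDN, not needed here
    _, diag, _ = read_tlv(resp, pos)    # diagnosticMessage (AD puts "LdapErr: ..." here)
    return (int.from_bytes(mid, "big"), int.from_bytes(code, "big"),
            diag.decode("utf-8", "replace"))


def ldaps_check(host=DC_FQDN, cafile=CA_FILE, port=636):
    """Connect to host:port, verify the DC certificate against cafile and the
    hostname, then send an anonymous bind to prove LDAP is behind the TLS."""
    ctx = ssl.create_default_context(cafile=cafile)   # chain + hostname verification on
    # Windows Server 2003 Schannel speaks at most TLS 1.0; a current client may
    # need ctx.minimum_version = ssl.TLSVersion.TLSv1 (and a relaxed OpenSSL
    # security level) before the handshake succeeds.
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            peer = tls.getpeercert()
            info = {"tls_version": tls.version(),
                    "subject": peer.get("subject"),
                    "issuer": peer.get("issuer")}
            tls.sendall(build_bind_request(1))
            data = tls.recv(4096)       # a BindResponse fits in one read
    _, code, diag = parse_bind_response(data)
    info["bind_result"] = code
    info["diagnostic"] = diag
    return info


if __name__ == "__main__":
    import sys
    print(ldaps_check(sys.argv[1] if len(sys.argv) > 1 else DC_FQDN))
```

Run it as `python ldaps_check.py dc1.example.com` from each app server that will use LDAPS. A `bind_result` of 0 with an empty diagnostic means the DC accepted the anonymous bind over TLS; a certificate or hostname mismatch surfaces as an `ssl.SSLError` before any LDAP traffic, which is exactly the failure a client that validates properly should produce against a certificate it does not trust. For the DC side, KB 321051 (linked above) spells out what the certificate must satisfy: it sits in the Local Computer Personal store with its private key, carries the Server Authentication EKU, and names the DC's FQDN in the subject or subject alternative name.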