Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1366
  • Last Modified:

Certificate for LDAP integration of SBS2003 and SonicWall

I am setting up Single Sign-on for a SonicWall TZ210 on a Small Business Server 2003 network and I want to know if I need to follow the procedure below to generate a certificate for LDAP Integration or if I can use the existing self-signed certificate produced by the Small Business Server for Remote Access.
http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=4060
0
Milkybar-kid
Asked:
Milkybar-kid
  • 3
  • 2
2 Solutions
 
Cliff GaliherCommented:
A certificate is used to uniquely identify and verify the identity of a user or device. Since your sonicwall is not your SBS server (in most cases; maybe you mod like mad), you should go through the certificate generation process. It does not have to a public certificate; sbs 2008 installs certificate services by default, but you can install it in SBS 2003 without creating conflicts as well. Once installed, you can use certificate services to generate and sign a certificate for the sonicwall when given a CSR from the sonicwall (which the sonicwall UI lets you generate.) Your call on whether to go public or private; there are pros and cons to such a setup, but the point here is don't use the self signed and generating a certificate *can* be done in an SBS environment for free.
 
0
 
digitapCommented:
Yes, you can use those steps.  If you always connect from a computer that's part of the SBS domain, then the cert generated by your domain, will be trusted by devices joined to the domain.  Alternatively, if you purchase a cert, then it should be trusted too.  Ultimately, you want the cert you install on the sonicwall to be trused.
0
 
Milkybar-kidAuthor Commented:
OK - I think I can see the error in my thinking that I can use the self-signed cert generated by the SBS if it is necessary to get the CSR from the SonicWall. I guess that is reverse to what I imagined the requirement to be. So I need to generate a Cert for the Sonicwall and not install the cert generated by the Small Business Server? The certificate services is just the mechanism to get a certificate generated which equally could be got by purchasing one from a cert authority right? But as I just need the cert for the purposes of connecting to the internal Active Directory I guess one generated by Certificate Services is fine.
If I generate one using Certificate Services can this be done from any server with this service installed or does it have to be done from one attached to the domain in question.
0
Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

 
digitapCommented:
Trust is the big key here.  I was having trouble recalling how the SSO client worked, so I reviewed it again.  The cert is only used to secure communication between the server and the sonicwall appliance.  The SSO agent secures communication between the client and the sonicwall without the cert.  You don't have to get the CSR from the sonicwall.  If you follow the steps in the link you posted in your question, you'll be fine.
0
 
Milkybar-kidAuthor Commented:
Thanks
0
 
digitapCommented:
yup....thanks for the points!
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now