Solved

Certificate for LDAP integration of SBS2003 and SonicWall

Posted on 2010-09-10
Last Modified: 2012-05-10
I am setting up Single Sign-on for a SonicWall TZ210 on a Small Business Server 2003 network and I want to know if I need to follow the procedure below to generate a certificate for LDAP Integration or if I can use the existing self-signed certificate produced by the Small Business Server for Remote Access.
http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=4060
Question by:Milkybar-kid
6 Comments
 
LVL 58

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 250 total points
ID: 33649379
A certificate is used to uniquely identify and verify the identity of a user or device. Since your sonicwall is not your SBS server (in most cases; maybe you mod like mad), you should go through the certificate generation process. It does not have to be a public certificate; sbs 2008 installs certificate services by default, but you can install it in SBS 2003 without creating conflicts as well. Once installed, you can use certificate services to generate and sign a certificate for the sonicwall when given a CSR from the sonicwall (which the sonicwall UI lets you generate). Your call on whether to go public or private; there are pros and cons to such a setup, but the point here is don't use the self-signed, and generating a certificate *can* be done in an SBS environment for free.
 
0
 
LVL 33

Expert Comment

by:digitap
ID: 33651378
Yes, you can use those steps. If you always connect from a computer that's part of the SBS domain, then the cert generated by your domain will be trusted by devices joined to the domain. Alternatively, if you purchase a cert, then it should be trusted too. Ultimately, you want the cert you install on the sonicwall to be trusted.
0
 
LVL 1

Author Comment

by:Milkybar-kid
ID: 33652655
OK - I think I can see the error in my thinking that I can use the self-signed cert generated by the SBS if it is necessary to get the CSR from the SonicWall. I guess that is reverse to what I imagined the requirement to be. So I need to generate a Cert for the Sonicwall and not install the cert generated by the Small Business Server? The certificate services is just the mechanism to get a certificate generated which equally could be got by purchasing one from a cert authority right? But as I just need the cert for the purposes of connecting to the internal Active Directory I guess one generated by Certificate Services is fine.
If I generate one using Certificate Services, can this be done from any server with this service installed, or does it have to be done from one attached to the domain in question?
0

 
LVL 33

Accepted Solution

by:digitap
digitap earned 250 total points
ID: 33653575
Trust is the big key here.  I was having trouble recalling how the SSO client worked, so I reviewed it again.  The cert is only used to secure communication between the server and the sonicwall appliance.  The SSO agent secures communication between the client and the sonicwall without the cert.  You don't have to get the CSR from the sonicwall.  If you follow the steps in the link you posted in your question, you'll be fine.
0
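Added example, not part of the thread: the trust distinction the answers above turn on, shown with openssl standing in for Certificate Services (the CA) and for the SonicWall's CSR generator. The names lab-ca, fw.lab.example and sbs.lab.example and the helper functions are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example. openssl stands in for Certificate Services (the CA) and for the
# SonicWall CSR generator; every name below is constructed for the demo.
set -eu
W=$(mktemp -d)

build_lab() {
  # Private CA: the role Certificate Services plays on the SBS network.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=lab-ca" \
    -keyout "$W/ca.key" -out "$W/ca.pem" 2>/dev/null
  # Device side: key pair plus CSR, as the firewall UI would produce.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=fw.lab.example" \
    -keyout "$W/fw.key" -out "$W/fw.csr" 2>/dev/null
  # The CA signs the CSR; the device's private key never leaves the device.
  openssl x509 -req -in "$W/fw.csr" -CA "$W/ca.pem" -CAkey "$W/ca.key" \
    -CAcreateserial -days 30 -out "$W/fw.pem" 2>/dev/null
  # A self-signed server certificate, like the one SBS creates for remote access.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=sbs.lab.example" \
    -keyout "$W/self.key" -out "$W/self.pem" 2>/dev/null
}

# classify CERT CA_BUNDLE -> trusted | self-signed | unknown-issuer
# CA_BUNDLE is what the verifying side (firewall or domain member) has imported.
classify() {
  if openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then
    echo trusted; return 0
  fi
  # Not anchored in the bundle: tell "signed by itself" from "signed by someone else".
  if [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
       "$(openssl x509 -in "$1" -noout -issuer_hash)" ]; then
    echo self-signed
  else
    echo unknown-issuer
  fi
}

build_lab
for c in fw self; do
  printf '%s.pem: %s\n' "$c" "$(classify "$W/$c.pem" "$W/ca.pem")"
done
```

Only the certificate that chains to the imported CA is reported as trusted; the self-signed one is rejected unless it is itself imported as a trust anchor on the verifying side.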
 
LVL 1

Author Closing Comment

by:Milkybar-kid
ID: 33764872
Thanks
0
 
LVL 33

Expert Comment

by:digitap
ID: 33764875
yup....thanks for the points!
0

Question has a verified solution.
