Solved

Certificate for LDAP integration of SBS2003 and SonicWall

Posted on 2010-09-10
6
1,356 Views
Last Modified: 2012-05-10
I am setting up Single Sign-on for a SonicWall TZ210 on a Small Business Server 2003 network and I want to know if I need to follow the procedure below to generate a certificate for LDAP Integration or if I can use the existing self-signed certificate produced by the Small Business Server for Remote Access.
http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=4060
0
Comment
Question by:Milkybar-kid
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 58

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 250 total points
ID: 33649379
A certificate is used to uniquely identify and verify the identity of a user or device. Since your sonicwall is not your SBS server (in most cases; maybe you mod like mad), you should go through the certificate generation process. It does not have to a public certificate; sbs 2008 installs certificate services by default, but you can install it in SBS 2003 without creating conflicts as well. Once installed, you can use certificate services to generate and sign a certificate for the sonicwall when given a CSR from the sonicwall (which the sonicwall UI lets you generate.) Your call on whether to go public or private; there are pros and cons to such a setup, but the point here is don't use the self signed and generating a certificate *can* be done in an SBS environment for free.
 
0
 
LVL 33

Expert Comment

by:digitap
ID: 33651378
Yes, you can use those steps.  If you always connect from a computer that's part of the SBS domain, then the cert generated by your domain, will be trusted by devices joined to the domain.  Alternatively, if you purchase a cert, then it should be trusted too.  Ultimately, you want the cert you install on the sonicwall to be trused.
0
 
LVL 1

Author Comment

by:Milkybar-kid
ID: 33652655
OK - I think I can see the error in my thinking that I can use the self-signed cert generated by the SBS if it is necessary to get the CSR from the SonicWall. I guess that is reverse to what I imagined the requirement to be. So I need to generate a Cert for the Sonicwall and not install the cert generated by the Small Business Server? The certificate services is just the mechanism to get a certificate generated which equally could be got by purchasing one from a cert authority right? But as I just need the cert for the purposes of connecting to the internal Active Directory I guess one generated by Certificate Services is fine.
If I generate one using Certificate Services can this be done from any server with this service installed or does it have to be done from one attached to the domain in question.
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 
LVL 33

Accepted Solution

by:
digitap earned 250 total points
ID: 33653575
Trust is the big key here.  I was having trouble recalling how the SSO client worked, so I reviewed it again.  The cert is only used to secure communication between the server and the sonicwall appliance.  The SSO agent secures communication between the client and the sonicwall without the cert.  You don't have to get the CSR from the sonicwall.  If you follow the steps in the link you posted in your question, you'll be fine.
0
 
LVL 1

Author Closing Comment

by:Milkybar-kid
ID: 33764872
Thanks
0
 
LVL 33

Expert Comment

by:digitap
ID: 33764875
yup....thanks for the points!
0

Featured Post

Enroll in June's Course of the Month

June's Course of the Month is now available! Every 10 seconds, a consumer gets hit with ransomware. Refresh your knowledge of ransomware best practices by enrolling in this month's complimentary course for Premium Members, Team Accounts, and Qualified Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question