Certificate for LDAP integration of SBS2003 and SonicWall

I am setting up Single Sign-on for a SonicWall TZ210 on a Small Business Server 2003 network and I want to know if I need to follow the procedure below to generate a certificate for LDAP Integration or if I can use the existing self-signed certificate produced by the Small Business Server for Remote Access.
http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=4060
LVL 1
Milkybar-kidAsked:
Who is Participating?
 
digitapConnect With a Mentor Commented:
Trust is the big key here.  I was having trouble recalling how the SSO client worked, so I reviewed it again.  The cert is only used to secure communication between the server and the sonicwall appliance.  The SSO agent secures communication between the client and the sonicwall without the cert.  You don't have to get the CSR from the sonicwall.  If you follow the steps in the link you posted in your question, you'll be fine.
0
 
Cliff GaliherConnect With a Mentor Commented:
A certificate is used to uniquely identify and verify the identity of a user or device. Since your sonicwall is not your SBS server (in most cases; maybe you mod like mad), you should go through the certificate generation process. It does not have to a public certificate; sbs 2008 installs certificate services by default, but you can install it in SBS 2003 without creating conflicts as well. Once installed, you can use certificate services to generate and sign a certificate for the sonicwall when given a CSR from the sonicwall (which the sonicwall UI lets you generate.) Your call on whether to go public or private; there are pros and cons to such a setup, but the point here is don't use the self signed and generating a certificate *can* be done in an SBS environment for free.
 
0
 
digitapCommented:
Yes, you can use those steps.  If you always connect from a computer that's part of the SBS domain, then the cert generated by your domain, will be trusted by devices joined to the domain.  Alternatively, if you purchase a cert, then it should be trusted too.  Ultimately, you want the cert you install on the sonicwall to be trused.
0
Increase Security & Decrease Risk with NSPM Tools

Analyst firm, Enterprise Management Associates (EMA) reveals significant benefits to enterprises when using Network Security Policy Management (NSPM) solutions, while organizations without, experienced issues including non standard security policies and failed cloud migrations

 
Milkybar-kidAuthor Commented:
OK - I think I can see the error in my thinking that I can use the self-signed cert generated by the SBS if it is necessary to get the CSR from the SonicWall. I guess that is reverse to what I imagined the requirement to be. So I need to generate a Cert for the Sonicwall and not install the cert generated by the Small Business Server? The certificate services is just the mechanism to get a certificate generated which equally could be got by purchasing one from a cert authority right? But as I just need the cert for the purposes of connecting to the internal Active Directory I guess one generated by Certificate Services is fine.
If I generate one using Certificate Services can this be done from any server with this service installed or does it have to be done from one attached to the domain in question.
0
 
Milkybar-kidAuthor Commented:
Thanks
0
 
digitapCommented:
yup....thanks for the points!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.