Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Certificate for LDAP integration of SBS2003 and SonicWall

Posted on 2010-09-10
6
Medium Priority
?
1,361 Views
Last Modified: 2012-05-10
I am setting up Single Sign-on for a SonicWall TZ210 on a Small Business Server 2003 network and I want to know if I need to follow the procedure below to generate a certificate for LDAP Integration or if I can use the existing self-signed certificate produced by the Small Business Server for Remote Access.
http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=4060
0
Comment
Question by:Milkybar-kid
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 59

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 1000 total points
ID: 33649379
A certificate is used to uniquely identify and verify the identity of a user or device. Since your sonicwall is not your SBS server (in most cases; maybe you mod like mad), you should go through the certificate generation process. It does not have to a public certificate; sbs 2008 installs certificate services by default, but you can install it in SBS 2003 without creating conflicts as well. Once installed, you can use certificate services to generate and sign a certificate for the sonicwall when given a CSR from the sonicwall (which the sonicwall UI lets you generate.) Your call on whether to go public or private; there are pros and cons to such a setup, but the point here is don't use the self signed and generating a certificate *can* be done in an SBS environment for free.
 
0
 
LVL 33

Expert Comment

by:digitap
ID: 33651378
Yes, you can use those steps.  If you always connect from a computer that's part of the SBS domain, then the cert generated by your domain, will be trusted by devices joined to the domain.  Alternatively, if you purchase a cert, then it should be trusted too.  Ultimately, you want the cert you install on the sonicwall to be trused.
0
 
LVL 1

Author Comment

by:Milkybar-kid
ID: 33652655
OK - I think I can see the error in my thinking that I can use the self-signed cert generated by the SBS if it is necessary to get the CSR from the SonicWall. I guess that is reverse to what I imagined the requirement to be. So I need to generate a Cert for the Sonicwall and not install the cert generated by the Small Business Server? The certificate services is just the mechanism to get a certificate generated which equally could be got by purchasing one from a cert authority right? But as I just need the cert for the purposes of connecting to the internal Active Directory I guess one generated by Certificate Services is fine.
If I generate one using Certificate Services can this be done from any server with this service installed or does it have to be done from one attached to the domain in question.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 33

Accepted Solution

by:
digitap earned 1000 total points
ID: 33653575
Trust is the big key here.  I was having trouble recalling how the SSO client worked, so I reviewed it again.  The cert is only used to secure communication between the server and the sonicwall appliance.  The SSO agent secures communication between the client and the sonicwall without the cert.  You don't have to get the CSR from the sonicwall.  If you follow the steps in the link you posted in your question, you'll be fine.
0
 
LVL 1

Author Closing Comment

by:Milkybar-kid
ID: 33764872
Thanks
0
 
LVL 33

Expert Comment

by:digitap
ID: 33764875
yup....thanks for the points!
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

IF you are either unfamiliar with rootkits, or want to know more about them, read on ....
What monsters are hiding in your child's room? In this article I will share with you a tech horror story that could happen to anyone, along with some tips on how you can prevent it from happening to you.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question