LDAPS config with alternate domain
Posted on 2011-09-21
We have a Windows AD domain, let's call it domain.com.
We now have a requirement to allow a 3rd party web app to access LDAPS, so our users can authenticate against AD from this 3rd party app.
To do this, we need to install a certificate on our DC for LDAPS.
The 3rd party requires a certificate from a trusted root CA (i.e. VeriSign).
PROBLEM: Our internal domain, "domain.com", exists in the real world and does not belong to us, so we cannot get a cert for it.
How can I make LDAPS available on my domain controller using MYdomain.com externally, but access domain.com internally?
- we have Exchange 2010 so no (easy) domain rename possible
- Self-signed cert is not accepted
- DC is Windows 2003
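The reason the 3rd party app rejects a certificate issued only for the DC's internal name is the name check every TLS client performs: the hostname it connected to (here something under MYdomain.com) must match a dNSName in the certificate's Subject Alternative Name extension. The following added example, which is not part of the original post, implements that check over certificate dictionaries in the same shape that Python's `ssl.SSLSocket.getpeercert()` returns, and reports which client-facing names a certificate is missing. The two certificates and the hostnames `dc01.domain.com` and `ldap.mydomain.com` are constructed for illustration and are assumptions, not values from the page.

```python
"""Hostname-to-certificate name matching as an LDAPS client performs it.

Certificates are represented like ssl.SSLSocket.getpeercert() output:
  {"subject": ((("commonName", "..."),),), "subjectAltName": (("DNS", "..."), ...)}
The certificates and hostnames below are constructed examples.
"""


def dns_name_matches(san_name: str, hostname: str) -> bool:
    """Match one SAN dNSName against a hostname using RFC 6125 wildcard rules."""
    san_labels = san_name.rstrip(".").lower().split(".")
    host_labels = hostname.rstrip(".").lower().split(".")
    if len(san_labels) != len(host_labels):
        return False
    # A wildcard is only allowed as the entire left-most label ("*.example.com");
    # partial wildcards ("ld*.example.com") and wildcards elsewhere are rejected.
    if any("*" in label for label in san_labels[1:]):
        return False
    if "*" in san_labels[0] and san_labels[0] != "*":
        return False
    # Refuse "*.com"-style names that would match an entire public suffix.
    if san_labels[0] == "*" and len(san_labels) < 3:
        return False
    return all(p == "*" or p == h for p, h in zip(san_labels, host_labels))


def _common_name(cert: dict):
    """Extract the subject CN from a getpeercert()-style subject tuple."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def certificate_matches(cert: dict, hostname: str) -> bool:
    """True if hostname matches a SAN dNSName; CN is only consulted when no SAN dNSName exists."""
    dns_names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not dns_names:
        cn = _common_name(cert)
        dns_names = [cn] if cn else []
    return any(dns_name_matches(name, hostname) for name in dns_names)


def missing_names(cert: dict, hostnames) -> list:
    """Return the client-facing hostnames this certificate does not cover."""
    return [h for h in hostnames if not certificate_matches(cert, h)]


# Constructed certificate 1: issued only for the DC's internal AD name.
DC_INTERNAL_ONLY = {
    "subject": ((("commonName", "dc01.domain.com"),),),
    "subjectAltName": (("DNS", "dc01.domain.com"),),
}

# Constructed certificate 2: public name first, internal name added as a second SAN.
DC_WITH_PUBLIC_NAME = {
    "subject": ((("commonName", "ldap.mydomain.com"),),),
    "subjectAltName": (("DNS", "ldap.mydomain.com"), ("DNS", "dc01.domain.com")),
}

# Names clients will actually connect with: external app and internal domain members.
CLIENT_FACING_NAMES = ["ldap.mydomain.com", "dc01.domain.com"]


if __name__ == "__main__":
    for label, cert in (("internal-only", DC_INTERNAL_ONLY), ("with public name", DC_WITH_PUBLIC_NAME)):
        print(f"{label}: missing {missing_names(cert, CLIENT_FACING_NAMES)}")
```

Running it shows the internal-only certificate failing for `ldap.mydomain.com` while the second certificate covers both names; whether a public CA will actually include an internal name such as `dc01.domain.com` in a SAN is a policy question for the CA, and if it will not, internal clients that connect using the domain.com name will fail the same check unless they use the public name as well.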