Read a lot about this on this site and others but still have a few questions if someone can help.
My client has a cloud antispam/antivirus service that performs directory harvesting via LDAP into their AD. Need to secure this with LDAPS. They do support it.
1. Want to use a GoDaddy SSL.
a. I assume standard SSL will work?
b. Already have a UCC for Exchange 2010
2. Do I create the request via IIS like usual or via the AD certificate services?
3. Where does the "Server Authentication object identifier" get inserted into the SSL?
a. all the articles stress that the cert has to perform this function compared to the "identity of a remote computer" role in the Exchange SSL.
We tried to self sign it and using the recommendation of not putting the CA on the domain controller itself, we could never get the "security" correct to choose the template we created and were trying to issue per this article - http://social.technet.microsoft.com/wiki/contents/articles/2980.ldap-over-ssl-ldaps-certificate.aspx
And when we use a GoDaddy SSL, do we still need to do the request.inf - http://support.microsoft.com/kb/321051
- why is this different to a normal SSL request?
I guess we need a little clearer step by step. Any help is appreciated...