Solved

LDAP over SSL using mail server's cert

Posted on 2013-12-06
3
693 Views
Last Modified: 2013-12-09
I'm setting up a help desk ticketing system that's cloud hosted, and I'd like to give it access to my LDAP server so that users can login to the help desk with their familiar passwords.  I want to use SSL for security. I have a mail server/DC that has an SSL cert and public IP, and I'd like to know if I just open port 636 through my firewall and use the mail server's URL (mail.domain.com) would that work? Any suggestions are appreciated.
0
Comment
Question by:Brad212
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 30

Accepted Solution

by:
Britt Thompson earned 50 total points
ID: 39702378
Yes but you'll have to add the certificate to the cert store on the server to for the client/server handshake to happen. Below is the instructions:

http://support.microsoft.com/kb/321051/en-us

If you have a Digicert certificate you can generate a duplicate to do this.
0
 

Author Comment

by:Brad212
ID: 39702430
Thank you, very helpful. Do I need a third party CA to accomplish this? Or could I just install the CA role on the server and not bother with a 3rd party CA?
0
 
LVL 30

Expert Comment

by:Britt Thompson
ID: 39702446
As long as the server connecting to the LDAP server trusts the certificate it will work.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question