MortgageCenter

asked on

SSL Certificate for LDAPS when FQDN and public DNS are different

I need to configure our Domain Controller for LDAPS as we are trying to use LDAP to authenticate users to an external website (outside of the domain). The problem is that the Domain Controller's FQDN is EXAMPLE.company.local while the public DNS record for the system is EXAMPLE.company.com.

Based on an article on Microsoft's website (http://support.microsoft.com/kb/931351), it appears that I need to include a SAN Attribute in the Certificate (we are going to use a third-party certificate if that makes a difference). I am unsure as to what records should be listed on the cert or if having the SAN Attribute will actually work.

Should the "primary" record be EXAMPLE.company.com and the SAN Attribute be EXAMPLE.company.local? Will having the SAN Attribute allow LDAPS to function properly?
ASKER CERTIFIED SOLUTION
Chad Franks
This solution is only available to members.
MortgageCenter (ASKER)

Chad,

Just to be sure, if I purchase a certificate from a third-party (ex: GoDaddy.com) that includes EXAMPLE.company.com and has EXAMPLE.company.local as the SAN, that certificate will be installed onto the LDAP server (using these instructions: http://support.microsoft.com/kb/321051) and will allow the external website to make LDAPS requests without error?
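The behaviour the asker is relying on is the client-side host-name check: a TLS client decides whether the LDAPS server's certificate is valid for the name it connected to. The following is an added example, not code from this thread, that implements the RFC 6125 rule (when the certificate carries any DNS subjectAltName entries only those are consulted; the subject CN is a fallback used solely when no DNS SAN exists) against a constructed certificate in the shape `ssl.SSLSocket.getpeercert()` returns, with the two names from the question as assumed values. It shows why the .local name must be in the SAN: once a SAN is present, a name that appears only in the CN no longer matches.

```python
# Added example (not from the thread): how a TLS client decides whether an
# LDAPS server's certificate matches the host name it dialled (RFC 6125 rules).
from typing import Dict, List, Tuple

# Constructed stand-in, not a real certificate: CN = public name, SAN lists
# both the public name and the internal Active Directory name.
DC_CERT = {
    "subject": ((("commonName", "EXAMPLE.company.com"),),),
    "subjectAltName": (
        ("DNS", "EXAMPLE.company.com"),
        ("DNS", "EXAMPLE.company.local"),
    ),
}


def _label_match(pattern: str, hostname: str) -> bool:
    """Match one DNS-ID against a host name: case-insensitive, at most one
    wildcard and only as the whole leftmost label, never matching across a dot
    and never for a name with fewer than three labels (no "*.com")."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if len(p_labels) != len(h_labels) or len(p_labels) < 3 or p_labels[0] != "*":
        return False
    return p_labels[1:] == h_labels[1:]


def dns_names(cert: Dict) -> Tuple[List[str], bool]:
    """Return the names a client may match against and whether they came from
    the SAN extension. If any DNS SAN exists the CN is ignored entirely."""
    sans = [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    if sans:
        return sans, True
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return cns, False


def hostname_matches(cert: Dict, hostname: str) -> bool:
    """True when the certificate is valid for `hostname` under the rules above."""
    names, _ = dns_names(cert)
    return any(_label_match(n, hostname) for n in names)


if __name__ == "__main__":
    for host in ("EXAMPLE.company.com", "example.company.local", "dc01.company.com"):
        print(f"{host:24} -> {'OK' if hostname_matches(DC_CERT, host) else 'MISMATCH'}")
```

Clients on the domain that bind to the .local name and the external website that binds to the .com name both succeed against `DC_CERT`; a certificate whose SAN held only the .com name would fail for the .local name even with that name in the CN.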
Chad Franks

You are correct.
Chad,

Thank you for all of your assistance. I greatly appreciate it!
So as of 11/1/2015 the CAs will no longer issue a certificate with an intranet name as the SAN.
What to do now?