[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 75
  • Last Modified:

Secure LDAP with MS Active Directory

Hi,

I try to enable Secure LDAP on customer Windows Server 2012 R2. I have GlobaSign signed wildcard cert.
I followed this guide http://shabaztech.com/enabling-ldaps-certificate-3rd-party-ca/ for the configuration. I can see the signed cert under personal folder and its private key.

when I use LDP.exe for testing, It returned with error Cannot Open Connection. I have check the certificate OID and is compatible.
what else I can check?

much appreciate any helps..

thanks
0
hell_angel
Asked:
hell_angel
  • 2
1 Solution
 
hell_angelAuthor Commented:
Additional info.

my wildcard cert is root domain cert, and my server is child domain.
does this setup supported?
0
 
Rich WeisslerProfessional Troublemaker^h^h^h^h^hshooterCommented:
> my wildcard cert is root domain cert, and my server is child domain.
> does this setup supported?


That could be your problem if everything else was done correctly.  From my past experience with wildcards, the answer is 'no', the wildcard matches a single level of the hierarchy.  If, for example, you had a certificate for '*.domainname.com', it would match for 'DC.domainname.com'... but your child domain domain controller would be 'DC.child.domainname.com'.
0
 
Rich WeisslerProfessional Troublemaker^h^h^h^h^hshooterCommented:
If you have OpenSSL, one helpful tool in there is the ssl client, which can confirm certificates, etc... in the form:
OpenSSL s_client -connect [host_fqdn]:[port]
where the port for LDAPS should be 636 by default.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now