Solved

Secure LDAP with MS Active Directory

Posted on 2016-08-01
Last Modified: 2016-08-01
Hi,

I am trying to enable Secure LDAP on a customer's Windows Server 2012 R2. I have a GlobalSign-signed wildcard cert.
I followed this guide http://shabaztech.com/enabling-ldaps-certificate-3rd-party-ca/ for the configuration. I can see the signed cert under the Personal folder, along with its private key.

When I use LDP.exe for testing, it returns the error "Cannot Open Connection". I have checked the certificate OID and it is compatible.
What else can I check?

I would much appreciate any help.

Thanks
Question by:hell_angel

Author Comment

by:hell_angel
ID: 41737255
Additional info.

My wildcard cert is a root domain cert, and my server is in a child domain.
Is this setup supported?
 
LVL 30

Accepted Solution

by:
Rich Weissler earned 500 total points
ID: 41737454
> My wildcard cert is a root domain cert, and my server is in a child domain.
> Is this setup supported?


That could be your problem if everything else was done correctly.  From my past experience with wildcards, the answer is 'no', the wildcard matches a single level of the hierarchy.  If, for example, you had a certificate for '*.domainname.com', it would match for 'DC.domainname.com'... but your child domain domain controller would be 'DC.child.domainname.com'.
 
LVL 30

Expert Comment

by:Rich Weissler
ID: 41737469
If you have OpenSSL, one helpful tool in there is the SSL client, which can confirm certificates, etc., in the form:
openssl s_client -connect [host_fqdn]:[port]
where the port for LDAPS should be 636 by default.
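
The single-level wildcard rule from the accepted answer, as an added example that is not part of the original thread: a Python check of a server FQDN against the DNS names listed in a certificate, such as those shown for the certificate that `openssl s_client` retrieves. The function names and sample names are constructed for illustration, and the matcher follows the usual leftmost-label, one-label wildcard convention rather than reproducing Windows' own matching code.

```python
# Added example; all names below are constructed, not taken from the thread.

def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def name_matches(pattern, host):
    """Return True if certificate DNS name `pattern` covers `host`.

    A '*' is honoured only as the entire leftmost label and stands for
    exactly one label, so it never spans a dot.
    """
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # Require at least two labels after the wildcard (rejects "*.com").
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in pattern:
        return False  # partial or non-leftmost wildcards are not accepted here
    return p == h

def covering_names(cert_names, host):
    """List the certificate names that cover `host`."""
    return [n for n in cert_names if name_matches(n, host)]

def diagnose(cert_names, host):
    """Explain whether `host` is covered, flagging a wildcard one level too high."""
    hits = covering_names(cert_names, host)
    if hits:
        return f"OK: {host} is covered by {hits[0]}"
    hl = _labels(host)
    for n in cert_names:
        nl = _labels(n)
        if nl[0] == "*" and len(hl) > len(nl) and hl[-(len(nl) - 1):] == nl[1:]:
            depth = len(hl) - len(nl) + 1
            parent = ".".join(nl[1:])
            return (f"MISMATCH: {n} covers one label only; "
                    f"{host} is {depth} labels below {parent}")
    return f"MISMATCH: no certificate name covers {host}"

if __name__ == "__main__":
    names = ["*.domainname.com", "domainname.com"]  # constructed certificate names
    for fqdn in ("DC.domainname.com", "DC.child.domainname.com"):
        print(diagnose(names, fqdn))
```

A certificate that lists `*.child.domainname.com`, or the domain controller's exact FQDN, passes the same check for the child-domain server.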