  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 89

Microsoft AD for Secure LDAP

Hi,

I have enable secure LDAP on my DC server, using LDP tool, I can query the LDAP at port 636.

just wonder, do I need to apply any certificate to my member server which is running the application?
Asked: hell_angel

2 Solutions
Learnctx (Engineer) commented:
Your member servers must have the certificate's root chain trusted. If it is your internal CA issuing the certificate, you can do this via the command line from a CA or via GPO. See here: https://technet.microsoft.com/en-us/library/cc770315(v=ws.10).aspx.

If it is a public certificate authority certificate you are using, most applications trust these, but if they do not, then repeat the process above. For applications which do not use the Windows central cert store (certmgr.msc), you will need to install the certificate chain into the application's certificate store (be this a Java keystore, or whatever).

Example
Some root CA-1 << goes into the trusted roots store
|__Some intermediate CA << goes into the trusted intermediate store
     |__Some issuing CA << goes into the trusted intermediate store
          |__ Your LDAPS certificate

hell_angel (Author) commented:
Hi Learnctx,

Thanks for that. The customer will use a GlobalSign certificate. According to the provider, Windows 2012 R2 Server already has its chain cert installed by default, and I verified that this is correct as well.

So I no longer need to provide the server certificate to my app server, right?

The UAT environment is using a self-signed cert. Do I need to upload the self-signed cert to the app server as well?

They have Oracle PeopleSoft Apps. I checked the Oracle article; the apps need the cert uploaded into Java...
Learnctx (Engineer) commented:
Yes, anything using Java will most likely need the cert chain added to the application's keystore. Always a pain in the bum. For the GlobalSign certificate, as long as the application uses the Windows central store, I doubt you will have any problems. Windows should trust the certificate. I'd say always double check though.
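The "always double check" advice above can be turned into a test run from the member server itself. The script below is an added example, not code from this thread: it opens a TLS connection to the DC's LDAPS port, validates the server certificate against a chosen PEM bundle (the roots/intermediates you intend to install, or the runtime's default store when none is given) and classifies any verification failure, so a missing intermediate or a UAT self-signed cert shows up as "missing-chain" before the application is pointed at the DC. The host name, port and bundle path are assumed command-line inputs.

```python
import socket
import ssl
import sys
from typing import Optional

# OpenSSL verification failure reasons mapped to the remediation the thread
# describes: an unknown or self-signed issuer means the chain has to be added
# to the trust store this application actually uses (Windows store or keystore).
VERIFY_REASONS = {
    "unable to get local issuer certificate": "missing-chain",
    "unable to get issuer certificate": "missing-chain",
    "self signed certificate": "missing-chain",   # the UAT self-signed case
    "self-signed certificate": "missing-chain",
    "certificate has expired": "expired",
}

def classify_verify_error(message: str) -> str:
    """Reduce an ssl verification error message to a short verdict."""
    text = message.lower()
    for reason, verdict in VERIFY_REASONS.items():
        if reason in text:
            return verdict
    if "hostname mismatch" in text or "doesn't match" in text:
        return "name-mismatch"
    return "other"

def check_ldaps(host: str, port: int = 636, cafile: Optional[str] = None,
                timeout: float = 5.0) -> dict:
    """Connect to host:port over TLS and verify the DC's certificate against
    `cafile` (PEM bundle) or, when None, the Python runtime's default trust
    store on this machine. Returns a dict describing the outcome."""
    ctx = ssl.create_default_context(cafile=cafile)  # chain + hostname checks on
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return {"trusted": True, "verdict": "ok",
                        "subject": dict(x[0] for x in cert.get("subject", ())),
                        "issuer": dict(x[0] for x in cert.get("issuer", ())),
                        "not_after": cert.get("notAfter")}
    except ssl.SSLCertVerificationError as exc:
        return {"trusted": False, "verdict": classify_verify_error(str(exc)),
                "error": str(exc)}

if __name__ == "__main__":
    # usage: python ldaps_check.py dc01.example.local [ca-bundle.pem]
    bundle = sys.argv[2] if len(sys.argv) > 2 else None
    print(check_ldaps(sys.argv[1], cafile=bundle))
```

Run it once with the GlobalSign bundle and once without to confirm the default store already trusts the chain; a "missing-chain" verdict against the UAT DC is expected until its self-signed cert is added to the application's store.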
