Solved

Microsoft AD for Secure LDAP

Posted on 2016-09-04
Medium Priority
85 Views
Last Modified: 2016-09-20
Hi,

I have enabled secure LDAP on my DC server; using the LDP tool, I can query LDAP on port 636.

Just wondering, do I need to apply any certificate to my member server which is running the application?
Question by:hell_angel
3 Comments
 
LVL 17

Accepted Solution

by:
Learnctx earned 2000 total points
ID: 41784357
Your member servers must have the certificate's root chain trusted. If it is your internal CA issuing the certificate you can do this via the command line from a CA or via GPO. See here: https://technet.microsoft.com/en-us/library/cc770315(v=ws.10).aspx.

If it is a public cert authority certificate you are using, most applications trust these, but if they do not then repeat the process above. For applications which do not use the Windows central cert store (certmgmt.msc) you will need to install the certificate chain into the application's certificate store (be this a Java keystore, or whatever).

Example
Some root CA-1 << goes into the trusted roots store
|__Some intermediate CA << goes into the trusted intermediate store
     |__Some issuing CA << goes into the trusted intermediate store
          |__ Your LDAPS certificate


Author Comment

by:hell_angel
ID: 41784367
Hi Learnctx,

Thanks for that. The customer will use a GlobalSign certificate. According to the provider, Windows 2012 R2 server already has its chain cert installed by default, and I verified that is correct as well.

So I no longer need to provide the server certificate to my app server, right?

The UAT environment is using a self-signed cert; do I need to upload the self-signed cert to the app server as well?

They have Oracle PeopleSoft Apps. I checked the Oracle article; the apps need to upload the cert at Java...
LVL 17

Assisted Solution

by:Learnctx
Learnctx earned 2000 total points
ID: 41785361
Yes, anything using Java will most likely need the cert chain added to the applications keystore. Always a pain in the bum. For the GlobalSign certificate, as long as the application uses the Windows central store I doubt you will have any problems. Windows should trust the certificate. I'd say always double check though.
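As an added example (not posted by anyone in the thread), the following PowerShell script performs the check both answers describe, run from the member server: it opens a TLS session to the DC on 636, pulls the LDAPS certificate, asks the Windows certificate stores whether it chains to a trusted root, says which store each CA certificate belongs in, and exports those CA certificates as DER files for import into a Java keystore with keytool. The DC hostname and export directory are placeholders.

```powershell
$DomainController = 'dc01.corp.example'   # placeholder: the DC's FQDN as named in its certificate
$Port = 636                               # LDAPS
$ExportDir = "$env:TEMP\ldaps-chain"      # placeholder: where CA certs are written for keytool import

# TLS handshake with a permissive callback so an untrusted chain does not abort it;
# trust is evaluated separately below against this machine's certificate stores.
$client = New-Object System.Net.Sockets.TcpClient -ArgumentList $DomainController, $Port
try {
    $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
    $ssl = New-Object System.Net.Security.SslStream -ArgumentList $client.GetStream(), $false, $acceptAll
    $ssl.AuthenticateAsClient($DomainController)
    $leaf = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $ssl.RemoteCertificate
} finally {
    $client.Close()
}

Write-Host "LDAPS certificate from ${DomainController}:${Port}"
Write-Host "  Subject: $($leaf.Subject)"
Write-Host "  Issuer : $($leaf.Issuer)"
Write-Host "  Expires: $($leaf.NotAfter)"

# Build the path using the local Trusted Root / Intermediate stores (no revocation lookup).
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$trusted = $chain.Build($leaf)

New-Item -ItemType Directory -Path $ExportDir -Force | Out-Null
$i = 0
foreach ($element in $chain.ChainElements) {
    $c = $element.Certificate
    if ($c.Thumbprint -eq $leaf.Thumbprint) { continue }   # the leaf stays on the DC
    $role = if ($c.Subject -eq $c.Issuer) { 'ROOT         -> Trusted Root Certification Authorities' } else { 'INTERMEDIATE -> Intermediate Certification Authorities' }
    Write-Host "  $role : $($c.Subject)"
    # DER export; import into a Java keystore with: keytool -importcert -file <cer> -alias <name> -keystore <jks>
    $file = Join-Path $ExportDir ("chain-{0}.cer" -f $i)
    [System.IO.File]::WriteAllBytes($file, $c.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert))
    $i++
}

if ($trusted) {
    Write-Host "Result: chain is trusted by this server's Windows certificate store."
} else {
    Write-Host "Result: chain is NOT trusted. Install the CA certificates exported to $ExportDir, then re-run. Status:"
    $chain.ChainStatus | ForEach-Object { Write-Host "  $($_.Status): $($_.StatusInformation.Trim())" }
}
```

A result of PartialChain or UntrustedRoot here is the symptom the accepted answer addresses: the root or an intermediate is missing from the member server's stores (or, for a Java application, from its keystore).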
