How can I retrieve the LDAP server certificate for Windows 2008 and 2003 global catalog servers?
First of all, I highly recommend installing an Enterprise root CA, as alluded to in the comments, because it makes certificate management loads easier. You can even script or configure automatic certificate requests and issuance policies, in addition to having a central source for certificates.
Having said that, the procedure for retrieving a machine certificate is fairly straightforward.
Log onto the machine in question. Open the Microsoft Management Console (MMC.exe). Go to Add/Remove Snap-in... . Select Certificates, Add ->. At the pop-up dialogue, select the Computer account radio button, hit Next > and select the Local Computer radio button and hit Finish (should be selected by default).
Click OK, and expand Certificates. The one you're looking for should be under a subfolder of Personal called Certificates, and if multiple are present, should be the one with the machine name in it, of Template type Computer, assuming a default certificate deployment configuration. See the screenshot below.
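The same lookup can be scripted against the store the MMC steps above open (Local Computer > Personal > Certificates, which PowerShell exposes as Cert:\LocalMachine\My). This is an added example, not part of the original answer; it assumes PowerShell 2.0 or later is installed on the server and that the output folder C:\Temp (a placeholder) already exists.

```powershell
# Added example: list the machine certificates in the Local Computer "Personal"
# store and export the public part (no private key) of the likely LDAPS one.
$hostName      = $env:COMPUTERNAME
$outDir        = 'C:\Temp'              # assumed output folder, must already exist
$serverAuthOid = '1.3.6.1.5.5.7.3.1'    # Server Authentication EKU
$sanOid        = '2.5.29.17'            # Subject Alternative Name extension

$candidates = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $cert = $_

    # The machine name may be in the subject or only in the SAN extension.
    $nameMatch = $cert.Subject -like "*$hostName*"
    if (-not $nameMatch) {
        $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq $sanOid }
        if ($san) { $nameMatch = $san.Format($false) -like "*$hostName*" }
    }

    # A certificate with no EKU extension is valid for all purposes;
    # otherwise it must list Server Authentication to be usable for LDAPS.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $hasServerAuth = (-not $eku) -or
        ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $serverAuthOid })

    # Skip expired and not-yet-valid certificates.
    $now = Get-Date
    $nameMatch -and $hasServerAuth -and ($cert.NotBefore -le $now) -and ($cert.NotAfter -gt $now)
}

if (-not $candidates) {
    Write-Warning "No valid certificate naming $hostName found in Cert:\LocalMachine\My"
}

foreach ($cert in $candidates) {
    # X509ContentType 'Cert' is the DER-encoded certificate only; the private
    # key never leaves the store.
    $path  = Join-Path $outDir ("{0}-{1}.cer" -f $hostName, $cert.Thumbprint)
    $bytes = $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
    [System.IO.File]::WriteAllBytes($path, $bytes)

    "{0}  expires {1:yyyy-MM-dd}  issuer: {2}" -f $cert.Thumbprint, $cert.NotAfter, $cert.Issuer
    "  exported to $path"
}
```

If more than one certificate is exported, compare the issuer and expiry lines to pick the one clients should trust, and import the issuing CA certificate rather than the leaf where the client supports it.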