LDP SSL Port 636 Works - ldaps:// does not

ssl windows-server-2008 active-directory ldap

Solution 1:

Your clients don't need their own certificate. They just need to trust the Certificate Authority certificate (or certificate chain) that signed the LDAP server's certificate. You didn't need to worry about this on the localhost because the CA certificate was already trusted by default.

It's not clear from your question whether the LDAP server is also the Certificate Authority and whether it is using the CA certificate as the LDAP certificate as well. Normally, these are two different certificates and the Certificate Authority lives on a different machine.

Some quick google'ing indicates there's an option you can set in the ldap.conf called TLS_CACERT or an equivalent environment variable called LDAPTLS_CACERT that you can point to a file containing any/all CA certificates in your environment (base64 encoded).

If you only have a single CA in your environment, you should be able to download a base64 encoded version of its public certificate. And if you can only find a DER encoded version, you can use openssl to convert it to base64.

openssl x509 -inform der -in cacert.crt -out cacert.pem

Related

How does a registrar update the gtld name servers?
List of SSL Cipher Support by Browser
Rsync filter and ignore some directories [closed]
If an IIS hosted site is secured using Kerberos, can Linux machines connect to it?
Finding NIC firmware version
DFS-R: how to offline re-sync, large amount of data deleted
How to get email alert if one of raid 1 disks fails?
Store multiple versions of large binary file with minimal data duplication (preferably Linux)
ESXi: Can linked clones be on a different datastore than the parent?
mklink to network share or UNC path or Mapped Drive?
Can't get virtual desktops to show up on RDWeb for Server 2012 R2
Is there a way to limit the network bandwidth / filesystem use per user over NFS on a Solaris 10 file server?