Active Directory TLS

ssl active-directory tls

The certificate will enable LDAPS on port 636. Active directory uses sign and seal and is already secure when using port 389. Yes they can coexist at the same time

This article should help explain LDAPS. http://social.technet.microsoft.com/wiki/contents/articles/2980.ldap-over-ssl-ldaps-certificate.aspx

This article explains how to use a third party certificate to enable LDAPS https://support.microsoft.com/en-us/kb/321051

According to this article the certificate must be issued to the FQDN of the server. So a wildcard certificate might not work https://technet.microsoft.com/en-us/library/cc725767(WS.10).aspx


You don't need a commercial certificate to secure LDAP in Active Directory; all computers accessing it will by definition be domain members (*), thus you can use Windows' own Certificate Services to build an AD-integrated certification authority, which will be automatically trusted by all users and computers in the domain.

(*) Should you need to perform LDAP queries from a non-domain-joined device, you'll simply need to import the root certificate of your CA into its store of trusted certificates.

Related

Why can't my Remote Desktop Server make proper use of the licensing server?
Apache httpd conf file configuration mismatch
Sharing NFS datastore between data centers
How to do restore test with limited testing resources?
KVM Live or Near-Live Migration from LVM to filesystem backend
Can I configure AC Power Restored option via iDRAC on a Dell PowerEdge server?
Debian: Get list of installed packages while in rescue mode
Large AWS Regional Data Transfer cost; ELB to blame?
bind dns entries not updating from master to slave
mount.cifs: mount error(112): Host is down
How do I remove internet access from a Google Instance?
why is php-fpm spawning and destroying hundreds of children per second with no server load?