O'Reilly logo

Active Directory Cookbook by Robbie Allen

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

14.1. Enabling SSL/TLS

Problem

You want to enable SSL/TLS access to your domain controllers so clients can encrypt LDAP traffic to the servers.

Solution

Using a graphical user interface

  1. Open the Control Panel on a domain controller.

  2. Open the Add or Remove Programs applet.

  3. Click on Add/Remove Windows Components.

  4. Check the box beside Certificate Services and click Yes to verify.

  5. Click Next.

  6. Select the type of authority you want the domain controller to be (select Enterprise root CA if you are unsure) and click Next.

  7. Type the common name for the CA, select a validity period, and click Next.

  8. Enter the location for certificate database and logs and click Next.

  9. After the installation completes, click Finish.

  10. Now open the Domain Controller Security Policy GPO.

  11. Navigate to Computer Configuration Windows Settings Security Settings Public Key Policies.

  12. Right-click on Automatic Certificate Request Settings and select New Automatic Certificate Request.

  13. Click Next.

  14. Under Certificate Templates, click on Domain Controller and click Next.

  15. Click Finish.

  16. Right-click on Automatic Certificate Request Settings select New Automatic Certificate Request.

  17. Click Next.

  18. Under Certificate Templates, click on Computer and click Next.

  19. Click Finish.

Discussion

After domain controllers obtain certificates, they open up ports 636 and 3289. Port 636 is for LDAP over SSL/TLS and port 3289 is used for the global catalog over SSL/TLS. See Recipe 14.2 for more information on how to query a domain controller using SSL/TLS.

See Also ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required