Add New Role -> Next
Select Active Directory Certificate Services -> Next
Select Certificate Authority -> Next
Select Enterprise -> Next
Select Root CA -> Next
Create a new private key -> Next
Leave the defaults (RSA#Microsoft Software Key Storage Provider, 2048, SHA1) -> Next
Name the CA (the common name for the CA can't be the same as the server's FQDN) -> Next
Leave it set to 5 years -> Next -> Next -> Install
Open a command prompt with Admin Access (Right click "Run As Administrator")
Type MMC, press Enter
File -> Add/Remove Snap-ins
Select Certificates -> Click Add -> Select Computer Account -> Click Next -> Local Computer -> Finish
Click Ok
Navigate to Console Root -> Certificates (Local Computer) -> Personal -> Certificates -> Right click in the right pane
Right click -> All Tasks -> Request New Certificate
Click Next -> Select Active Directory Enrollment Policy -> Click Next
Check Domain Controller & Domain Controller Authentication -> Click Enroll
Source: Link
To confirm that LDAP over SSL is configured successfully:
- Open the Ldp snap-in. To open Ldp, click Start. In Start Search, type ldp. Right-click the Ldp icon on the Start menu, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.
- Click the Ldp Connection menu, and then click Connect. In Server, type the host name (FQDN) of the server to which you want to connect. Ensure that Port is set to 636, the Connectionless check box is cleared, and the SSL check box is selected, and then click OK. If you receive a message that says "Cannot open connection," LDAP-over-SSL binding is not configured properly.
- Click the Connection menu, click Bind, and then click OK.
- The command output should display the user name and domain name that you used for binding, if LDAP over SSL is configured properly.
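The Ldp steps above can be scripted so the same check runs after every enrollment or renewal. The PowerShell below is an added example written for this post, not code from the original post or from Microsoft; it does three things: looks in the local machine Personal store for a certificate the DC can actually use for LDAPS (private key present, not expired, Server Authentication EKU, name matching the FQDN), opens a TLS session to port 636 and reports the certificate and chain status the DC presents, and finally performs an LDAP bind over SSL with the current user's credentials, which is the scripted equivalent of Ldp's Connect and Bind. The FQDN `dc01.example.local` is a placeholder; the first function only gives a meaningful answer when run on the DC itself.

```powershell
# Added example (not from the original post): verify a domain controller's LDAPS setup.
# Assumes Windows PowerShell 5.1 or later on a domain-joined machine.
# $DcFqdn is a placeholder; replace it with the FQDN of the DC you enrolled.
param(
    [string]$DcFqdn = 'dc01.example.local'
)

# 1. Local store check (run on the DC): a usable LDAPS cert needs a private key,
#    a valid date range, the Server Authentication EKU (1.3.6.1.5.5.7.3.1) and
#    the DC's FQDN in the subject or SAN. Schannel picks one matching these rules.
function Get-LdapsCandidateCert {
    param([string]$Fqdn)
    Get-ChildItem Cert:\LocalMachine\My | Where-Object {
        $_.HasPrivateKey -and
        $_.NotAfter -gt (Get-Date) -and
        $_.NotBefore -lt (Get-Date) -and
        ($_.EnhancedKeyUsageList | Where-Object { $_.ObjectId -eq '1.3.6.1.5.5.7.3.1' }) -and
        ($_.DnsNameList.Unicode -contains $Fqdn -or $_.Subject -like "*CN=$Fqdn*")
    }
}

# 2. Network check: open TLS on 636 and report what the DC presents. The
#    validation callback records chain errors instead of throwing, so an
#    untrusted issuer or name mismatch is reported rather than hidden.
function Test-LdapsCertificate {
    param([string]$Fqdn, [int]$Port = 636)
    $tcp = New-Object System.Net.Sockets.TcpClient($Fqdn, $Port)
    try {
        $script:chainErrors = 'None'
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
            param($sender, $cert, $chain, $errors)
            $script:chainErrors = $errors
            return $true   # record only; the result is reported below
        }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($Fqdn)
        $remote = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        [pscustomobject]@{
            Subject     = $remote.Subject
            Issuer      = $remote.Issuer
            NotAfter    = $remote.NotAfter
            Protocol    = $ssl.SslProtocol
            ChainStatus = $script:chainErrors   # 'None' means the client trusts the chain
        }
        $ssl.Dispose()
    } finally { $tcp.Close() }
}

# 3. Bind check: the scripted form of Ldp's Connect (SSL, port 636) and Bind.
function Test-LdapsBind {
    param([string]$Fqdn, [int]$Port = 636)
    Add-Type -AssemblyName System.DirectoryServices.Protocols
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Fqdn, $Port)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    $conn.SessionOptions.SecureSocketLayer = $true
    $conn.SessionOptions.ProtocolVersion   = 3
    $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
    try {
        $conn.Bind()   # current user's credentials, as Ldp's Bind with default options
        return $true
    } catch [System.DirectoryServices.Protocols.LdapException] {
        Write-Warning "LDAPS bind to ${Fqdn}:${Port} failed: $($_.Exception.Message)"
        return $false
    } finally { $conn.Dispose() }
}

# Run the three checks and print a short report.
Write-Host "Local candidate certificates for $DcFqdn (only meaningful on the DC):"
Get-LdapsCandidateCert -Fqdn $DcFqdn | Format-Table Subject, NotAfter, Thumbprint -AutoSize

Write-Host "Certificate presented on ${DcFqdn}:636:"
Test-LdapsCertificate -Fqdn $DcFqdn | Format-List

if (Test-LdapsBind -Fqdn $DcFqdn) {
    Write-Host "LDAPS bind succeeded: LDAP over SSL is configured properly."
} else {
    Write-Host "LDAPS bind failed: check the enrolled certificate and the chain status above."
}
```

Two points worth checking in the output: `ChainStatus` should be `None` on a client that trusts the new enterprise root (the root is published to the domain automatically, so a non-domain client will show `RemoteCertificateChainErrors` until the root is imported), and `Protocol` tells you which TLS version Schannel negotiated, which is the setting to revisit if the DC is still offering legacy versions.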
Source: Link