...

First, you need to find the SSL certificate the AD domain controller presents for LDAPS. There are two ways:

Using MMC tool:

  • Open the Local Computer certificate console (the Certificates snap-in for the Computer account) on your DC.
  • Locate the LDAPS certificate, which should include the Server Authentication (1.3.6.1.5.5.7.3.1) object identifier in its Enhanced Key Usage.

Normally its Certificate Template Name is "DomainController".

The Active Directory fully qualified domain name of the domain controller (for example, povm2k3svr.parkoffice.com) must appear in one of the following places:

    • The Common Name (CN) in the Subject field.
    • DNS entry in the Subject Alternative Name extension.


Using OpenSSL tool:

Download OpenSSL and run the following command:

openssl s_client -connect myldapsserver.domain.com:636

Part of the output is the PEM (Base-64) encoded certificate that the server presented for LDAPS. Cut and paste the block from "-----BEGIN CERTIFICATE-----" through "-----END CERTIFICATE-----" into Notepad and save it as a .cer file. Double-click the file and you will be viewing the certificate presented for LDAPS. Note that s_client keeps the connection open after printing the certificate (press Ctrl+C to exit), and that by default it prints only the server's own certificate; add -showcerts to see the whole chain the server sent.
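The two routes above, scripted, as an added example that is not part of the original page: the script first looks in the Local Computer personal store the MMC steps use, then falls back to pulling the certificate from TCP 636 the way openssl s_client does; either way it checks the Server Authentication EKU and that the DC FQDN is the Subject CN or a DNS entry in the SAN, reports the template name, and saves a DER .cer you can double-click. The host name dc01.corp.example.com and the output path are placeholders, and the SAN parsing assumes the text format Windows produces.

```powershell
# Added example, not from the original page: locate the LDAPS certificate of a
# domain controller, locally (MMC route) or from port 636 (openssl route),
# validate it against the criteria above and save it as a DER .cer file.
# Assumptions: Windows PowerShell on or near the DC; dc01.corp.example.com and
# the output location are placeholders.
param(
    [string]$DcFqdn = 'dc01.corp.example.com'
)

$ServerAuthOid   = '1.3.6.1.5.5.7.3.1'      # id-kp-serverAuth
$EkuOid          = '2.5.29.37'              # extendedKeyUsage
$SanOid          = '2.5.29.17'              # subjectAltName
$TemplateNameOid = '1.3.6.1.4.1.311.20.2'   # Certificate Template Name (v1 templates such as DomainController)

function Test-LdapsCertificate {
    param(
        [Parameter(Mandatory)][System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [Parameter(Mandatory)][string]$Fqdn
    )
    # 1. Extended Key Usage must include Server Authentication.
    $eku = $Cert.Extensions | Where-Object { $_.Oid.Value -eq $EkuOid }
    $hasServerAuth = [bool]($eku -and ($eku.EnhancedKeyUsages.Value -contains $ServerAuthOid))

    # 2. The DC FQDN must be the Subject CN or a DNS entry in the SAN.
    $cn = $Cert.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    $sanDns = @()
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq $SanOid }
    if ($san) {
        # Windows renders the SAN as "DNS Name=host, DNS Name=host2, Other Name:..."
        $sanDns = ($san.Format($false) -split ',\s*') |
            Where-Object { $_ -like 'DNS Name=*' } |
            ForEach-Object { $_.Substring('DNS Name='.Length).Trim() }
    }
    $nameOk = ($cn -ieq $Fqdn) -or ($sanDns -icontains $Fqdn)

    return ($hasServerAuth -and $nameOk)
}

function Get-TemplateName {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $ext = $Cert.Extensions | Where-Object { $_.Oid.Value -eq $TemplateNameOid }
    if ($ext) { return $ext.Format($false) }    # e.g. "DomainController"
    return '(no v1 template name extension)'
}

function Find-LdapsCertificate {
    param([string]$Fqdn)
    # Same store the MMC console shows under Local Computer > Personal.
    Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.HasPrivateKey -and (Test-LdapsCertificate -Cert $_ -Fqdn $Fqdn) } |
        Sort-Object NotAfter -Descending |
        Select-Object -First 1
}

function Get-LdapsCertificateFromServer {
    param([string]$Fqdn, [int]$Port = 636)
    $tcp = [System.Net.Sockets.TcpClient]::new($Fqdn, $Port)
    try {
        # Accept whatever the server presents: we only want to capture it here.
        # Trust is judged afterwards from the Certification Path, not during capture.
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, { $true })
        $ssl.AuthenticateAsClient($Fqdn)
        return [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
    }
    finally { $tcp.Dispose() }
}

function Export-CertificateDer {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert, [string]$Path)
    $der = $Cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
    [System.IO.File]::WriteAllBytes($Path, $der)
    return $Path
}

# --- main ---
$cert = Find-LdapsCertificate -Fqdn $DcFqdn
if ($cert) {
    Write-Host "Found in Cert:\LocalMachine\My: $($cert.Thumbprint), template '$(Get-TemplateName $cert)'"
} else {
    Write-Host "No matching certificate in the local store, fetching from ${DcFqdn}:636"
    $cert = Get-LdapsCertificateFromServer -Fqdn $DcFqdn
}

if (-not (Test-LdapsCertificate -Cert $cert -Fqdn $DcFqdn)) {
    throw "Certificate $($cert.Thumbprint) lacks the Server Authentication EKU or does not name $DcFqdn"
}

$path = Export-CertificateDer -Cert $cert -Path (Join-Path $env:TEMP "ldaps-$DcFqdn.cer")
Write-Host "Saved $path; double-click it and open the Certification Path tab"
```

The remote fetch deliberately accepts any certificate in the validation callback because the goal at this step is to capture what the DC actually serves; if the same check were left in a production LDAP client it would disable server authentication, so it belongs only in a diagnostic script like this one.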


Once you have found the SSL certificate of the AD server, double-click the certificate and go to the "Certification Path" tab.

...