Enabling SSL in Active Directory allows clients to communicate securely with AD servers. This is also required to allow a user’s Active Directory password to be changed programmatically using LDAP.

This article will show you how to install the Certificate Services in Windows 2003 to enable LDAP SSL in Active Directory.

Important: Before beginning, make sure Internet Information Server (IIS) is installed on your server.

Installing the Certificate Services

1. Click Start, select Control Panel and click Add or Remove Programs.
2. In the Add or Remove Programs window, click Add/Remove Windows Components, check Certificate Services and click Next.
3. Click Next in the CA Type page.
4. Fill in the Common name for this CA and click Next.
5. Click Next in the Certificate Database Settings page.
6. Certificate Services will now be installed.
7. Click Finish and restart your server.

Configuring Automatic Certificate Request for Domain Controllers

1. Click Start, select Administrative Tools and click Domain Controller Security Policy.
2. In the Default Domain Controller Security Settings window, click the Public Key Policies folder.
3. Right-click Automatic Certificate Request Settings, select New and click Automatic Certificate Request.
4. Click Next in the Automatic Certificate Request Setup Wizard.
5. Select Domain Controller in the Certificate Template page and click Next.
6. Click Finish and reboot your server.

Check for Issued Certificate

1. Click Start, select Administrative Tools and click Certification Authority. This will launch the Certification Authority application.
2. In Certification Authority, expand the CA node (click the + sign) and check the Issued Certificates folder to confirm that your server has been issued a certificate.
Important: Make sure your server has been issued a certificate, otherwise SSL communication will not work.


***
Posted on 5/19/2008 and last updated on 4/23/2011
Filed under Active Directory , LDAP , SSL/TLS