Enabling SSL/TLS

Posted: March 28, 2010 in Active Directory, Security, Server, System Information
Tags: , ,

Problem

You want to enable SSL/TLS access to your domain controllers so clients can encrypt LDAP traffic to the servers.

Solution

Using a graphical user interface
  1. Open the Control Panel on a domain controller.

  2. Open the “Add or Remove Programs” applet.

  3. Click on Add/Remove Windows Components.

  4. Check the box beside Certificate Services and click Yes to verify.

  5. Click Next.

  6. Select the type of authority you want the domain controller to be (select “Enterprise root CA” if you are unsure) and click Next.

  7. Type the common name for the CA, select a validity period, and click Next.

  8. Enter the location for certificate database and logs, and click Next.

  9. After the installation completes, click Finish.

  10. Now open the Domain Controller Security Policy GPO.

  11. Navigate to Computer Configuration Windows Settings Security Settings Public Key Policies.

  12. Right-click on Automatic Certificate Request Settings and select New Automatic Certificate Request.

  13. Click Next.

  14. Under Certificate Templates, click on Domain Controller and click Next.

  15. Click Finish.

  16. Right-click on Automatic Certificate Request Settings and select New Automatic Certificate Request.

  17. Click Next.

  18. Under Certificate Templates, click on Computer and click Next.

  19. Click Finish.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s