question

WinTechie-3187 asked AnshulKumarMINDTREELIMITED-5501 published

LDAPS connection certificate

Hi,

We have an application which is failing to connect to the domain controller using LDAPS (636) because it lacks the required certificate, hence the SSL handshake fails.
I would like to know which certificate I will have to export from the DC (is it the domain controller certificate or the Kerberos certificate) and place in the application's certificate store so the connection can be made.

windows-active-directory, windows-server-security


Hi,


Just want to confirm the current situation.
If there's anything you'd like to know, don't hesitate to ask.

Best Regards,


Hi,
I am checking to see if the problem has been resolved.
If there's anything you'd like to know, don't hesitate to ask.
Best Regards,


Hi, if the posted answer resolves your question, please mark it as the answer by clicking the check mark. Doing so helps others find answers to their questions.


1 Answer

FanFan-MSFT answered

Hi,
Based on my understanding, it is a cert on the LDAPS server (Domain Controller) for server authentication issued by the trusted CA server.

When requesting a cert for server authentication, we can use the Kerberos template. Or we can create our own or use one of the existing templates that has Server Authentication as a purpose, such as Domain Controller Authentication, Domain Controller, Web Server, and Computer.

Important: You should be planning to have only one certificate on each LDAP server (i.e. domain controller or AD LDS computer) with the purpose of Server Authentication.

For more details, you can refer to the following link:
https://social.technet.microsoft.com/wiki/contents/articles/2980.ldap-over-ssl-ldaps-certificate.aspx

If I misunderstand you, feel free to let me know.

Best Regards,
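
A check that follows from the answer above, added here as an example and not part of the original thread: it lists the certificates in the domain controller's local computer personal store that carry the Server Authentication purpose and warns when there is not exactly one. The function name and the `-StorePath` parameter are this example's own; it assumes an elevated PowerShell session on the DC.

```powershell
# Added example: run in an elevated PowerShell session on the domain controller.
# OID 1.3.6.1.5.5.7.3.1 is the Server Authentication enhanced key usage.
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'

function Get-LdapsCandidateCertificate {
    param(
        # Local computer personal store; the parameter name is this example's own.
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )
    $now = Get-Date
    Get-ChildItem -Path $StorePath | ForEach-Object {
        $cert = $_
        # Collect the EKU OIDs from the certificate's EKU extension, if present.
        $ekuOids = @($cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.Value })
        if ($ekuOids -contains $ServerAuthOid) {
            [pscustomobject]@{
                Subject       = $cert.Subject
                Issuer        = $cert.Issuer
                Thumbprint    = $cert.Thumbprint
                NotAfter      = $cert.NotAfter
                HasPrivateKey = $cert.HasPrivateKey
                InValidity    = ($cert.NotBefore -le $now -and $cert.NotAfter -ge $now)
            }
        }
    }
}

$candidates = @(Get-LdapsCandidateCertificate)
$candidates | Format-List

if ($candidates.Count -eq 0) {
    Write-Warning 'No certificate with the Server Authentication purpose was found in the store.'
}
elseif ($candidates.Count -gt 1) {
    # The answer recommends planning for only one such certificate per LDAP server.
    Write-Warning "$($candidates.Count) certificates have the Server Authentication purpose; review which one should remain."
}

# A usable candidate also needs a private key and must be inside its validity period.
$candidates |
    Where-Object { -not $_.HasPrivateKey -or -not $_.InValidity } |
    ForEach-Object { Write-Warning "Not usable as-is: $($_.Thumbprint) ($($_.Subject))" }
```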


