
LDAP- Active Directory – SSL Connection

Uma Mahesh.G
Senior QA Engineer
gunipati81@gmail.com

1. How to enable SSL connection in the Active Directory Server?

Certificate Services is included with Windows Server 2003 but not installed by default. The
service is used to issue and manage certificates for a Public Key Infrastructure (PKI).

Certificate Services allows a computer running Windows Server 2003 to receive requests for
certificates from users and computers, verify the identity of a requestor, issue and revoke
certificates, and publish a Certificate Revocation List (CRL).

Install the IIS Service

In order to install the CA you will first need to install IIS on a Windows Server 2003
computer.

1. Click Start > Control Panel > Add or Remove Programs.
2. In Add or Remove Programs, click Add/Remove Windows Components.
3. Under Components, click on Application Server (but do NOT select it) and press the Details button.
4. In the Application Server window, click to select IIS and click OK.
5. Click Next.

Enabling LDAP SSL Connection through Certificates:

1. Log on as a member of both the Enterprise Admins group and the root domain's Domain Admins group (Administrator).
2. Go to Settings > Control Panel > Add/Remove Programs > Add/Remove Windows Components.
3. In the Windows Components Wizard, select the Certificate Services check box. A dialog box appears to inform you that the computer cannot be renamed, and cannot be joined to or removed from a domain, after Certificate Services is installed. Click Yes, and then click Next.
4. Click Enterprise root CA, and then click Next.
5. Give the common name (LDAPCertificate) for the CA, and then click Next.
6. On the Certificate Database Settings page, click Next.

If IIS is installed, a pop-up asks to stop the IIS service; click Yes. When asked to enable ASP pages, click Yes.

7. When the installation process is completed, click Finish.
8. Restart your machine (DC).

Download the Microsoft Support Tools from the Microsoft site:

http://www.microsoft.com/downloads/details.aspx?FamilyId=6EC50B78-8BE1-4E81-B3BE-4E7AC4F0912D&displaylang=en

Install the Support Tools, then go to Start > Run > cmd > ldp.exe > Open and connect with:

Server: DC machine address, Port: 636, SSL


2. How to establish a connection between an LDAP client and the AD Server?

An SSL connection between an LDAP client and the AD Server is established by importing the trusted root CA certificate into the client's environment.

AD Server Side:

1. Start Microsoft Management Console (MMC).
2. Add the Certificates snap-in that manages certificates on the local computer.
3. Expand Certificates (Local Computer), then expand Trusted Root Certification Authorities.
4. Select LDAPCertificate, right-click, and select All Tasks > Export.
5. On the "Welcome to the Certificate Export Wizard" page, click Next.
6. Select Cryptographic Message Syntax Standard PKCS #6 Certificates (.P7B format), select the "Include all certificates in the certification path if possible" option, and click Next.
7. Give the file name (LDAP), and click Next.
8. Click Finish to complete the export wizard.

Client:

1. Copy the LDAP.p7b file from the AD Server to the client machine.
2. Double-click to open the .p7b file and select LDAPCertificate.
3. Right-click and select Install to install the third-party certificate authority.
4. Follow the instructions to complete the process.

Install the Microsoft Support Tools on the client as well, then go to Start > Run > cmd > ldp.exe > Open and connect to the DC on port 636 with SSL.

SSL Connection works …!
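The ldp.exe check in section 1 and the client-side trust import in section 2 can be exercised from a script as well. The following is an added example, not part of the original document and not a Microsoft tool: it does in stdlib Python what the ldp.exe step does by hand, opening a TLS connection to the DC on port 636, verifying the server certificate against the root CA exported from the AD Server, and sending an anonymous LDAP bind to prove the directory answers through the tunnel. DC_HOST and CA_FILE are placeholders; the script assumes the exported LDAP.p7b has been converted to PEM (for example with openssl pkcs7 -print_certs -in LDAP.p7b -out ldap-ca.pem). If the client does not trust the issuing root CA, or the DC's name does not match its certificate, the check fails with a certificate verification error, which is exactly the condition the import step in section 2 resolves. Note that a Windows Server 2003 DC negotiates TLS 1.0 at best, which current Python/OpenSSL builds refuse by default; that refusal is itself a finding worth recording rather than a reason to lower the client's minimum version.

```python
# Added example (not part of the original document): LDAPS check that mirrors
# the ldp.exe "Port: 636, SSL" step. Trusts only the root CA exported from the
# DC, checks the hostname, then sends an anonymous LDAP bind over the tunnel.
import socket
import ssl

DC_HOST = "dc01.example.local"   # placeholder: DC DNS name, must match its certificate
LDAPS_PORT = 636
CA_FILE = "ldap-ca.pem"          # placeholder: LDAP.p7b converted to PEM with openssl

# --- minimal BER framing for LDAP BindRequest / BindResponse (RFC 4511) ------

def _ber_len(n: int) -> bytes:
    """BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _ber_int(n: int) -> bytes:
    """Two's-complement INTEGER content octets (positive values get a leading 0x00 when needed)."""
    return n.to_bytes(n.bit_length() // 8 + 1, "big", signed=True)


def _tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + _ber_len(len(value)) + value


def _read_tlv(buf: bytes, pos: int = 0):
    """Decode one TLV at buf[pos]; returns (tag, value, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    length = first
    if first >= 0x80:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def frame_length(data: bytes):
    """Total size of the BER frame starting at data[0], or None if its header is incomplete."""
    if len(data) < 2:
        return None
    first = data[1]
    if first < 0x80:
        return 2 + first
    n = first & 0x7F
    if len(data) < 2 + n:
        return None
    return 2 + n + int.from_bytes(data[2:2 + n], "big")


def build_bind_request(message_id: int, dn: str = "", password: str = "") -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple } }; empty dn = anonymous."""
    bind = (_tlv(0x02, _ber_int(3))              # INTEGER version 3
            + _tlv(0x04, dn.encode())            # LDAPDN name
            + _tlv(0x80, password.encode()))     # [0] simple authentication
    return _tlv(0x30, _tlv(0x02, _ber_int(message_id)) + _tlv(0x60, bind))


def parse_bind_result(msg: bytes) -> int:
    """Return the resultCode of a BindResponse (0 = success, 49 = invalidCredentials)."""
    tag, body, _ = _read_tlv(msg)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _msg_id, pos = _read_tlv(body)            # messageID
    tag, op, _ = _read_tlv(body, pos)
    if tag != 0x61:                              # APPLICATION 1 = BindResponse
        raise ValueError("expected BindResponse, got tag 0x%02x" % tag)
    tag, code, _ = _read_tlv(op)
    if tag != 0x0A:                              # ENUMERATED resultCode
        raise ValueError("malformed BindResponse")
    return int.from_bytes(code, "big")


def _recv_ldap_message(sock) -> bytes:
    """Read exactly one BER-framed LDAPMessage, however TCP splits it."""
    data = b""
    while True:
        total = frame_length(data)
        if total is not None and len(data) >= total:
            return data[:total]
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("connection closed before a full LDAPMessage arrived")
        data += chunk


# --- the check itself --------------------------------------------------------

def check_ldaps(host: str = DC_HOST, port: int = LDAPS_PORT, ca_file: str = CA_FILE) -> dict:
    """Connect on 636 with TLS, trusting only ca_file, and perform an anonymous bind.

    Raises ssl.SSLCertVerificationError when the exported root CA is not the
    issuer of the DC's certificate, or when the DC's name does not match it.
    """
    ctx = ssl.create_default_context(cafile=ca_file)   # only the exported root CA is trusted
    ctx.check_hostname = True                            # DC name must match the certificate
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            tls.sendall(build_bind_request(1))
            reply = _recv_ldap_message(tls)
            return {
                "tls_version": tls.version(),
                "issuer": dict(rdn[0] for rdn in cert["issuer"]),
                "not_after": cert["notAfter"],
                "bind_result": parse_bind_result(reply),
            }


if __name__ == "__main__":
    print(check_ldaps())
```

A bind_result of 0 means the DC accepted the anonymous bind over TLS; a non-zero code still proves the encrypted channel works, since the response itself came through the tunnel. The returned issuer and expiry are the two fields to record when verifying that the certificate chains to the LDAPCertificate CA created in section 1 rather than to some other authority.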
