Enabling LDAP over SSL (LDAPS, TCP port 636) in Active Directory allows clients to communicate securely with domain controllers. It is also required to change a user's Active Directory password programmatically through LDAP: the domain controller refuses writes to the unicodePwd attribute over an unencrypted connection.
This article shows how to install Certificate Services on Windows Server 2003 to enable LDAP SSL in Active Directory.
Before you begin, make sure Internet Information Services (IIS) is installed on the server (the Certificate Services web enrollment pages depend on it).
I. Installing Certificate Services
1. Click Start, select Control Panel and click Add or Remove Programs.
2. In the Add or Remove Programs window, click Add/Remove Windows Components, check Certificate Services and click Next.
3. On the CA Type page, select Enterprise root CA (the default on a domain-joined server) and click Next. An Enterprise CA is what allows domain controllers to request their certificates automatically.
4. Fill in the Common name for this CA and click Next. The CA name and the computer name cannot be changed after installation, so choose them carefully.
5. Click Next on the Certificate Database Settings page.
6. Certificate Services will now be installed.
7. Click Finish and restart the server.
II. Automatic Certificate Request for Domain Controllers and Exporting the CA Certificate
To communicate with Active Directory over the Secure Sockets Layer (SSL), the domain controller needs a server certificate and the client needs to trust the certification authority that issued it. With an Enterprise CA in the domain, domain controllers request a Domain Controller certificate automatically; once that certificate is in the DC's machine certificate store, the DC starts listening for LDAPS on TCP port 636. The client then only needs the CA certificate in its trusted root store so it can validate the certificate the DC presents. SSL communication is required to programmatically change an Active Directory password.
The steps below export the CA certificate from the Windows Server 2003 CA so that a client using the LDAP API over SSL can trust it.
1. Click Start, select Administrative Tools and click Certification Authority. This launches the Certification Authority console.
2. Right-click the certification authority and click Properties.
3. In the Properties window, click the View Certificate button.
4. In the Certificate window, click the Details tab and click the Copy to File button.
5. Click Next in the Certificate Export Wizard window.
6. Select Base-64 encoded X.509 and click Next.
7. Specify the path and file name of the certificate and click Next.
8. Finally, click Finish to export the certificate. Import this file into the Trusted Root Certification Authorities store on each client, or hand it to your LDAP client as its CA file. Only the CA's public certificate is exported this way, never its private key.
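The following is an added example, not code from the original article. It uses the CA certificate exported above to do the two things the article is working towards: verify that the domain controller answers on port 636 with a certificate that chains to the CA, and change a password over LDAPS. The host name dc1.example.com, the file name ca.cer, the DNs and the passwords are placeholders chosen for this example; the ldap3 package is assumed to be installed for the LDAP calls (the encoding helpers run without it).

```python
"""Added example (not from the original article): talk to the domain controller
over LDAPS using the CA certificate exported above, and change a password.

Assumptions not stated on the page: the DC is dc1.example.com, the exported
CA file is saved as ca.cer, and the ldap3 package is installed for the LDAP part.
"""
import socket
import ssl

try:
    from ldap3 import Connection, Server, Tls, SIMPLE, MODIFY_ADD, MODIFY_DELETE, MODIFY_REPLACE
except ImportError:  # ldap3 is only needed for the LDAP calls, not for the helpers below
    Connection = Server = Tls = None
    SIMPLE, MODIFY_ADD, MODIFY_DELETE, MODIFY_REPLACE = (
        "SIMPLE", "MODIFY_ADD", "MODIFY_DELETE", "MODIFY_REPLACE")

LDAPS_PORT = 636


def verify_ldaps(host, ca_file, port=LDAPS_PORT):
    """Check that the DC answers on 636 with a certificate chaining to our CA.

    The Base-64 encoded X.509 file produced by the export wizard is PEM, so
    Python's ssl module loads it directly. Returns the subject of the DC cert.
    """
    ctx = ssl.create_default_context(cafile=ca_file)  # CERT_REQUIRED plus hostname check
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return dict(rdn[0] for rdn in cert["subject"])


def encode_unicode_pwd(password):
    """AD wants the new password wrapped in double quotes and encoded as UTF-16-LE, no BOM."""
    return f'"{password}"'.encode("utf-16-le")


def admin_reset_changes(new_password):
    """An administrator with Reset Password rights replaces the value outright."""
    return {"unicodePwd": [(MODIFY_REPLACE, [encode_unicode_pwd(new_password)])]}


def user_change_changes(old_password, new_password):
    """A user changing their own password must present the old one: delete the
    old value and add the new one in the same modify request."""
    return {"unicodePwd": [
        (MODIFY_DELETE, [encode_unicode_pwd(old_password)]),
        (MODIFY_ADD, [encode_unicode_pwd(new_password)]),
    ]}


def change_password(host, ca_file, bind_dn, bind_password, target_dn,
                    new_password, old_password=None):
    """Bind over LDAPS and modify unicodePwd; the DC refuses this over plain LDAP.

    Returns (succeeded, ldap3 result dict). Requires ldap3 (assumed installed).
    """
    tls = Tls(validate=ssl.CERT_REQUIRED, ca_certs_file=ca_file)
    server = Server(host, port=LDAPS_PORT, use_ssl=True, tls=tls)
    conn = Connection(server, user=bind_dn, password=bind_password,
                      authentication=SIMPLE, auto_bind=True)
    try:
        changes = (admin_reset_changes(new_password) if old_password is None
                   else user_change_changes(old_password, new_password))
        ok = conn.modify(target_dn, changes)
        return ok, conn.result
    finally:
        conn.unbind()


if __name__ == "__main__":
    # Placeholder values for this example, not from the article.
    print(verify_ldaps("dc1.example.com", "ca.cer"))
    ok, result = change_password(
        "dc1.example.com", "ca.cer",
        "CN=Administrator,CN=Users,DC=example,DC=com", "admin-password",
        "CN=Alice,CN=Users,DC=example,DC=com", "N3w-Str0ng-Passw0rd!")
    print(ok, result.get("description"))
```

For a self-service change, bind as the user whose password is being changed and pass old_password so the delete/add form is sent; an administrative reset binds as an account with Reset Password rights and omits it. Note that a current TLS stack may refuse the protocol versions or SHA-1 chains a Windows Server 2003 domain controller offers; relax the client's settings only in a lab, not by disabling certificate validation.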