RE: Authenticating with TLS against Active Directory



Thank you for your answers. This is what I did:

. Download the MS IIS 6.0 Resource Kit.
. Install (using custom install) SelfSSL on the machine you wish to generate
the Self-Signed Certificate for (I used DC01.ad.local).
. Run the command: "selfssl /N:CN=DC01.ad.local /K:1024 /V:1825 /S:1
/P:443". Research the command FIRST if you're running this on an IIS Server.
. Ignore the message "Error opening metabase: 0x80040154" - which appears if
IIS isn't installed.
. Using the Certificates MMC snap-in (configured for the local Computer
Account), go to Personal\Certificates and export the public key. We needed
Base64 encoding for our Linux app.
. Import the newly created .CER file into whatever app needs to authenticate
on the Active Directory and point the app to the server that has the
certificate installed (in this case DC01.ad.local).

Don't forget to back up the private key!

Keep in mind that this is a 5 year cert (/v:1825) and will only authenticate
against the specified Domain Controller (DC01.ad.local). It's vastly
preferred to do a proper PKI design, but this solves the issue while we
decide on whether PKI is for us.

Cheers

James

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of James D. Stallard
Sent: 06 September 2007 14:39
To: focus-ms@xxxxxxxxxxxxxxxxx
Subject: Authenticating with TLS against Active Directory


I have a Windows Server 2003 R2 Active Directory and a Linux box running an
application (called Collage) whose users I would like to authenticate
against the AD. The application only supports TLS, so I need a certificate.
However, I do not have the time on this job to properly design and deploy
PKI, so I'm looking for a one-off solution.

My questions are therefore:

. If I create a self-signed certificate (using SelfSSL.EXE from the IIS
reskit), install it on a Domain Controller and export it, can I use that to
authenticate my Linux application?
. Is there a better way of achieving the same goal?

Thanks in advance
Cheers

James

James D. Stallard CITP
Chief Technical Architect
Leafgrove Limited
Web: www.leafgrove.com
LinkedIn: www.linkedin.com/in/jamesdstallard
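
A check that can be run on the Linux box before importing the exported .CER file, as an added example that is not part of the original post: it confirms the file is Base64 (PEM) encoded, that its CN is the Domain Controller the application will point at, and (going slightly beyond the post) that it is not close to expiry. The function names check_dc_cert and make_sample_cert are hypothetical, the openssl command-line tool is assumed to be installed, and the sample certificate is constructed locally for testing.

```shell
#!/bin/sh
# Added example: sanity-check an exported DC certificate before import.
# Usage: check_dc_cert FILE HOST [MIN_DAYS]
# Returns 0 if FILE is a PEM (Base64) certificate whose CN equals HOST and
# which remains valid for at least MIN_DAYS more days (default 30).
# Returns 1 (not PEM), 2 (CN mismatch) or 3 (expiring) otherwise.

lc() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }   # hostnames compare case-insensitively

check_dc_cert() {
    cert=$1; host=$2; min_days=${3:-30}

    # A DER (binary) export has no PEM header and is rejected here.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" 2>/dev/null || {
        echo "FAIL: $cert is not Base64 (PEM) encoded"; return 1; }

    # Subject in RFC 2253 form, e.g. "subject=CN=DC01.ad.local".
    cn=$(openssl x509 -in "$cert" -noout -nameopt RFC2253 -subject |
         sed -n 's/.*CN=\([^,]*\).*/\1/p')
    [ "$(lc "$cn")" = "$(lc "$host")" ] || {
        echo "FAIL: certificate CN '$cn' does not match '$host'"; return 2; }

    # -checkend exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) \
        >/dev/null || {
        echo "FAIL: certificate expires within $min_days days"; return 3; }

    # Report key size, expiry and fingerprint so they can be compared with
    # what the Certificates MMC snap-in shows on the Domain Controller.
    bits=$(openssl x509 -in "$cert" -noout -text |
           sed -n 's/.*(\([0-9]*\) bit).*/\1/p' | head -n 1)
    echo "OK: CN=$cn key=${bits}-bit"
    openssl x509 -in "$cert" -noout -enddate -fingerprint -sha256
    return 0
}

# Constructed sample for offline testing only: a self-signed certificate with
# the CN and 1825-day lifetime used in the post. The 2048-bit key size is an
# assumption of this example, not the post's /K:1024.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1825 \
        -subj "/CN=DC01.ad.local" -keyout "$1.key" -out "$1" 2>/dev/null
}
```

The SHA-256 fingerprint printed on success can be compared with the thumbprint of the certificate on the Domain Controller to confirm the file was not swapped or altered in transit.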


