Re: SSL for domain controllers



I've not had any issues with cert installation affecting Kerberos or LDAP
binds in general. If it works, you'll get SSL/LDAP. If you don't do it
right, you won't. That's about it. :)

Kerberos doesn't use LDAP anyway.

Are you having a specific problem or are you just being cautious?

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"JustAskAway" <JustAskAway@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:AEE9A816-8F5A-4012-961E-5841BF637AA1@xxxxxxxxxxxxxxxx
We are implementing SSL for LDAP on several Active Directory servers in two
domains initially. To do this we must add a server certificate and a trusted
root certificate to each domain controller (also Active Directory servers) to
be used for LDAP authentication. The certificates have been issued by a third
party.

Are there any known issues with installing these certificates on a domain
controller? We are using the Certificates snap-in in MMC.
To back out changes, can the certificates be deleted from the domain
controller certificate store in the same manner as for other Windows 2003
servers and Windows clients, i.e. right-click and select Delete?
Is there any experience of Kerberos and standard LDAP authentication not
working after setting up a server for LDAPS?

--
JustAskAway

