Re: enable LDAP-SSL without a root-CA

From: David Cross [MS] (vaq130@hotmail.com)
Date: 08/11/02 

From: "David Cross [MS]" <vaq130@hotmail.com>
Date: Sat, 10 Aug 2002 16:24:19 -0700

That sounds ridiculous. You need a cert that chains to a trusted root on
both the server and the client. The net-net is you need a root CA to start
the hierarchy, anything less would not be secure. 

--
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.
http://support.microsoft.com
"Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
news:evPZEsHQCHA.2664@tkmsftngp10...
> Some folks in our security group started talking to verisign about this
and
> I believe they found a way but it was very costly because verisign had to
do
> some very strange things to make this work.
>
> --
> Joe Richards
> www.joeware.net
> ---
>
> "Igor Ybema" <i.ybema@civ.utwente.nl> wrote in message
> news:airfdt$19e$1@netlx020.civ.utwente.nl...
> > Is it possible to enable SSL over LDAP in windows 2000 without
installing
> a
> > enterprise root-CA?
> >
> > According to MS-article Q247078 you need to install an Enterprise CA and
> > allow all domain controllers to receive a certificate automatically. In
> our
> > test-environment this works. After that we can use LDAPS in this
> > test-enviroment to update passwords, make accounts etc. Now we need to
use
> > LDAPS in our production environment but we still have to decide how our
> > CA-hierachy will look like. So we cant install a enterprise-CA yet and
we
> > can not wait for this. Is it somehow possible to use temporary self
signed
> > certificates to enable SSL over LDAP on one server?
> >
> > regards,
> >
> > Igor Ybema, University of Twente, Enschede, the Netherlands
> >
> >
> >
> >
> >
>
>

Relevant Pages

  • RE: asp.net and ldap
    ... The application's ldap requery code works well on your development ... however you're encoutering "the server is not operational" error ... If so, based on my experience, this should be a certificate related ... Computer Certificate Store's Trusted root CA to see whether you can find ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: asp.net and ldap
    ... The application's ldap requery code works well on your development ... however you're encoutering "the server is not operational" error ... If so, based on my experience, this should be a certificate related ... > Computer Certificate Store's Trusted root CA to see whether you can find ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Does samba 3.0.14Aa on OS 5.0.6 work with ldapsam backend on another LDAP server?
    ... used 3.0.9 on SCO 5.0.6 for quite some time after suffering problems I ... a RedHat4 box running samba 3.0.10 and OpenLDAP 2.2.13. ... and no LDAP server (although there were the ... share on the SCO server without any smbpasswd on that server! ...
    (comp.unix.sco.misc)
  • RE: LDAP & Find People not working
    ... need to refer to the KB article below to know how to use LDAP: ... | Yes, the scanner is on the local area network, so as you indicated below, ... | So I wonder why the scanner does not see the LDAP server. ...
    (microsoft.public.windows.server.sbs)
  • slapd - slow starting
    ... contact LDAP server ... then slapd started fine but I without ldap in nsswitch.conf I cant ... # The user ID attribute (defaults to uid) ... # SSL enabled. ...
    (freebsd-stable)