Configure LDAP SSL

Secure the connection to LDAP by using a certificate.

Setup LDAPS (LDAP over SSL)

Click on Start –> Server Manager –> Add Roles and Features. Click Next.


Choose Role-based or feature-based installation. Click Next.


Select the server from the server pool. Click Next.


Choose Active Directory Certificate Services from the list of roles and click Next.


Choose nothing from the list of features and click Next.


Click Next.


Mark “Certification Authority” from the list of roles and click Next.


Click Install to confirm installation.


Once the installation is complete, click Close.


Now let’s create a certificate using the AD CS Configuration Wizard. To open the wizard, click on “Configure Active Directory Certificate Services on the destination server” in the above screen, and then click Close.


Choose Certification Authority from the list of roles. Click Next.


Since this is a local box setup without a domain, we are going to choose a Standalone CA. Click Next.


Choose Root CA as the type of CA and click Next.


Since we do not possess a private key – let’s create a new one. Click Next.


Choose SHA1 as the hash algorithm. Click Next.

UPDATE: It is recommended to select the most recent hashing algorithm instead, because SHA-1 is being deprecated.


The name of the CA must match the Hostname (requirement number 2). Enter “LDAPSTEST” and Click Next.


Specify the validity period of the certificate. Choose the default of 5 years. Click Next.


Choose the default database locations and click Next.


Click Configure to confirm.


Once the configuration has completed successfully, click Close.
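The wizard steps above can also be scripted. This is an added example, not part of the original walkthrough; it keeps the walkthrough's choices (standalone root CA, name LDAPSTEST, 5 years) but uses SHA256 in place of SHA1, as the UPDATE note advises, and then checks which hash the CA actually uses.

```powershell
# Added example: scripted equivalent of the wizard steps (run elevated on the CA server).
# Install the AD CS role with only the Certification Authority role service.
Install-WindowsFeature -Name ADCS-Cert-Authority -IncludeManagementTools

# Configure a standalone root CA named LDAPSTEST, valid for 5 years, with a new key.
# SHA256 replaces the SHA1 selected in the walkthrough, following the UPDATE note.
Install-AdcsCertificationAuthority `
    -CAType StandaloneRootCA `
    -CACommonName 'LDAPSTEST' `
    -HashAlgorithmName SHA256 `
    -ValidityPeriod Years `
    -ValidityPeriodUnits 5 `
    -Force

# Show the hash algorithm the CA will use when it signs issued certificates.
certutil -getreg ca\csp\CNGHashAlgorithm

# Show the hash algorithm and expiry of the CA's own certificate.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -match 'CN=LDAPSTEST' } |
    Select-Object Subject, NotAfter,
        @{ Name = 'SignatureAlgorithm'; Expression = { $_.SignatureAlgorithm.FriendlyName } }
```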


1. On your CA Server launch the Certification Authority Management Console > Certificate Templates > Right Click > Manage.


2. Locate the Kerberos Authentication certificate > Make a Duplicate.


3. General Tab > Call it ‘LDAPoverSSL’ > Set its validity period


4. Request Handling Tab > Select ‘Allow private key to be exported’ > Apply > OK.


5. Right click Certificate Templates again > Certificate Template to issue.


6. Locate and select the ‘LDAPoverSSL’ certificate > OK.


7. Now log on to a DOMAIN CONTROLLER > Windows Key+R > mmc {Enter} > File > Add/Remove Snap-in > Add in the Certificates Snap-In > Computer account > Finish > OK > Expand Certificates > Personal > Certificates > Right Click > All Tasks > Request New Certificate > Next > Next.

  • you will need to restart the domain controller.

8. Select the LDAPoverSSL Certificate > Enroll > Close the Certificate Snap-in.


Now let us try to connect to LDAP Server (with SSL) using the ldp.exe tool.

Click on Start –> Search ldp.exe –> Connection and fill in the following parameters and click OK to connect:


If connection is successful, you will see the following message in the ldp.exe tool:
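A scripted counterpart to the ldp.exe check, as an added example that is not part of the original post: it connects to the LDAPS port, reads the certificate the server presents, and reports whether it has the Server Authentication usage, matches the host name, chains to a trusted root, and is signed with a weak hash such as SHA1. The function name, the host name `dc01.example.test` and port 636 are assumptions for illustration.

```powershell
# Added example: inspect the certificate a server presents on the LDAPS port.
function Test-LdapsCertificate {
    param(
        [Parameter(Mandatory)][string]$Server,
        [int]$Port = 636                      # assumed standard LDAPS port
    )
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'      # Server Authentication EKU
    $script:tlsErrors = [System.Net.Security.SslPolicyErrors]::None
    # Record validation errors instead of aborting, so a bad certificate can still be examined.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($source, $certificate, $chain, $errors)
        $script:tlsErrors = $errors
        $true
    }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($Server, $Port)
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($Server)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $eku = $cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
        $ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
        [pscustomobject]@{
            Subject            = $cert.Subject
            Issuer             = $cert.Issuer
            NotAfter           = $cert.NotAfter
            Protocol           = $ssl.SslProtocol
            SignatureAlgorithm = $cert.SignatureAlgorithm.FriendlyName
            WeakSignatureHash  = $cert.SignatureAlgorithm.FriendlyName -match 'sha1|md5'
            HasServerAuthEku   = $ekuOids -contains $serverAuthOid
            NameMatchesServer  = -not ($script:tlsErrors -band [System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch)
            ChainTrusted       = -not ($script:tlsErrors -band [System.Net.Security.SslPolicyErrors]::RemoteCertificateChainErrors)
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $client.Dispose()
    }
}

Test-LdapsCertificate -Server 'dc01.example.test'   # hypothetical DC host name
```

Run it from a machine that should trust the CA; `ChainTrusted` will be False on a client that does not have the root certificate in its Trusted Root store.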


Author: Meni T.

IT Infrastructure Manager

10 thoughts on “Configure LDAP SSL”

  1. Heya, I am here for the first time. I came across this board and I find it really useful & it helped me out a lot. I’m hoping to give one thing again and help others like you helped me.


  2. I do enjoy the way you have presented this concern and it really does present me some fodder for consideration. On the other hand, from just what I have seen, I just simply trust when the commentary stack on that people continue to be on issue and don’t start upon a soap box regarding some other news of the day. Still, thank you for this fantastic point and although I do not agree with the idea in totality, I regard your point of view.


  3. Simply wish to say your article is astounding. The clarity in your post is just nice and I could assume you’re an expert on this subject. Fine, with your permission allow me to grab your feed to keep up to date with forthcoming posts. Thanks a million and please carry on the enjoyable work.


  4. As a web site possessor I believe the content matter here is rattling excellent, appreciate it for your efforts. You should keep it up forever! Good Luck.


  5. Amazing blog! Is your theme custom made or did you download it from somewhere? A design like yours with a few simple adjustments would really make my blog shine. Please let me know where you got your theme. Thank you


  6. Good day, I am so grateful I found your weblog. I really found you by accident, while I was browsing on Google for something else. Regardless, I am here now and would just like to say thank you for an incredible post and an all round entertaining blog (I also love the theme/design). I don’t have time to go through it all at the minute but I have saved it and also included your RSS feeds, so when I have time I will be back to read a great deal more. Please do keep up the superb job.

