Secure connection to LDAP by using Certificate.
Setup LDAPS (LDAP over SSL)
Click on Start –> Server Manager –> Add Roles and Features. Click Next.

Choose Role-based or feature-based installation. Click Next.

Select the server from the server pool. Click Next.

Choose Active Directory Certificate Services from the list of roles and click Next.

Choose nothing from the list of features and click Next.

Click Next.

Mark “Certification Authority” in the list of role services and click Next.

Click Install to confirm installation.

Once the installation is complete, Click Close.

Now let’s create a certificate using AD CS Configuration Wizard. To open the wizard, click on “Configure Active Directory Certificate Services on the destination server” in the above screen. And then click Close.

Choose Certification Authority from the list of roles. Click Next.

Since this is a local box setup without a domain, we are going to choose a Standalone CA. Click Next.

Choose Root CA as the type of CA. Click Next.

Since we do not possess a private key – let’s create a new one. Click Next.

Choose SHA1 as the hash algorithm. Click Next.
UPDATE: It is recommended to select the most recent hashing algorithm instead, because SHA-1 is being deprecated.

The name of the CA must match the Hostname (requirement number 2). Enter “LDAPSTEST” and Click Next.

Specify the validity period of the certificate. Keep the default of 5 years. Click Next.

Keep the default database locations and click Next.

Click Configure to confirm.

Once the configuration completes successfully, click Close.

1. On your CA Server launch the Certification Authority Management Console > Certificate Templates > Right Click > Manage.

2. Locate the Kerberos Authentication certificate > Make a Duplicate.

3. General Tab > Call it ‘LDAPoverSSL’ > Set its validity period

4. Request Handling Tab > Select ‘Allow private key to be exported’ > Apply > OK.

5. Right click Certificate Templates again > Certificate Template to issue.

6. Locate and select the ‘LDAPoverSSL’ certificate > OK.

7. Now logon to a DOMAIN CONTROLLER > Windows Key+R > mmc {Enter} > File > Add/Remove Snap-in > Add in the Certificates Snap-In > Computer account > Finish > OK > Expand Certificates > Personal > Certificates > Right Click > All Tasks > Request New Certificate > Next > Next.
- You will need to restart the domain controller.

8. Select the LDAPoverSSL Certificate > Enroll > Close the Certificate Snap-in.

Now let us try to connect to LDAP Server (with SSL) using the ldp.exe tool.
Click on Start –> Search ldp.exe –> Connection and fill in the following parameters and click OK to connect:

If connection is successful, you will see the following message in the ldp.exe tool:
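
As a scripted complement to the ldp.exe check, the added example below (not part of the original post) opens a TLS session to the LDAPS port and reports the properties of the certificate the server presents, including whether it is still SHA-1 signed and whether its name matches the host. The function name `Test-LdapsCertificate`, the server name LDAPSTEST taken from this walkthrough, and the default LDAPS port 636 are assumptions.

```powershell
# Added example, not from the original post. LDAPSTEST and port 636 are assumptions.
function Test-LdapsCertificate {
    param([string]$Server = 'LDAPSTEST', [int]$Port = 636)

    $state = @{ Errors = $null }
    # Let the handshake finish even when validation fails so the certificate
    # can be inspected; the policy errors are recorded and reported below.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($s, $certificate, $chain, $policyErrors)
        $state.Errors = $policyErrors
        $true
    }

    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($Server, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($Server)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

        # An LDAPS certificate must be valid for Server Authentication (OID 1.3.6.1.5.5.7.3.1).
        $eku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        $serverAuth = [bool]($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.1' })
        $mismatch = [System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch

        [pscustomobject]@{
            Server             = $Server
            Subject            = $cert.Subject
            Issuer             = $cert.Issuer
            NotAfter           = $cert.NotAfter
            SignatureAlgorithm = $cert.SignatureAlgorithm.FriendlyName
            UsesSha1           = $cert.SignatureAlgorithm.FriendlyName -match 'sha1'
            ServerAuthEku      = $serverAuth
            NameMismatch       = [bool]($state.Errors -band $mismatch)
            PolicyErrors       = $state.Errors   # 'None' means the chain and name validated
            TlsProtocol        = $ssl.SslProtocol
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Dispose()
    }
}

Test-LdapsCertificate -Server 'LDAPSTEST' | Format-List
```

A `PolicyErrors` value other than `None` on a client usually means the client does not trust the issuing CA, or the name it connected to is not in the certificate.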
