How to configure SSL on Active Directory?

Assuming Active Directory is already set up. See instructions for that here.

Enable Active Directory Certificate Services

  • Open Server Manager
  • Add Role
  • Choose Active Directory Certificate Services.

Certificates

  • Open MMC
  • File > Add/Remove Snap-In
  • Choose ‘Certificates’ > ‘Local Computer’
  • Once added, right-click on Certificates > All Tasks > Request New Certificate > Active Directory Enrollment Policy > select the Domain Controller and Domain Controller Authentication checkboxes > Enroll

Note that, in the same MMC, the following snap-ins were also added; it is not clear whether they are needed:

  • Certification Authority (Local)
  • Certification Service (Active Dir Domain Services)
  • Certification Service (Active Dir Certificate Services)

Test

  • Start > Run > ldp.exe
  • Connect with SSL and port 636

Export Certificate (for use with Client)

  • On a Domain Controller, log in as an administrator and open Internet Explorer. Go to Tools > Internet Options > Content and click on Certificates
  • Switch to the Trusted Root Certification Authorities tab and select the certificate issued by your Active Directory integrated Certificate Server. Click on Export
  • Choose Base-64 encoded X.509 (.CER)
  • Specify file name for the exported certificate
  • Finish the export and copy the exported .cer file

Using the exported certificate with a Java client application:

  • Copy the .cer file exported above to the Java client machine
  • At the client machine execute the following command:

keytool -importcert -file cert.cer -keystore keystore.jks -alias "Alias"
Give a password when prompted.

This will create a .jks file that you can use with your Java client program for SSL communication with Active Directory.
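The following is an added example, not code from the original post, showing how a Java client uses the keystore.jks built above as its trust store for an LDAPS bind over port 636. The DC name, trust store path and bind DN are assumed placeholders; the DC name must be the FQDN that appears in the Domain Controller certificate, since an IP address fails hostname verification.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class LdapsProbe {
    // Assumed values: replace with your DC's FQDN (as named in its certificate),
    // the .jks created with keytool, and a bind account DN.
    static final String LDAPS_URL = "ldaps://dc01.example.local:636";
    static final String TRUSTSTORE_PATH = "keystore.jks";
    static final String BIND_DN = "CN=svc-ldap,OU=Service Accounts,DC=example,DC=local";

    // Open an LDAPS connection that trusts only the CA certificate(s) in trustStore.
    public static DirContext connect(String url, String trustStore, char[] trustStorePw,
                                     String bindDn, char[] bindPw) throws NamingException {
        // JNDI's "ssl" protocol uses the JVM default SSLSocketFactory, which honours
        // these properties; the CA exported from the DC is not in the JVM's cacerts.
        System.setProperty("javax.net.ssl.trustStore", trustStore);
        System.setProperty("javax.net.ssl.trustStorePassword", new String(trustStorePw));

        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, new String(bindPw));
        // If the DC's CA is missing from the trust store this throws a
        // CommunicationException wrapping an SSLHandshakeException
        // ("unable to find valid certification path") instead of connecting.
        return new InitialDirContext(env);
    }

    public static void main(String[] args) throws Exception {
        // Run from a terminal: System.console() is null when no console is attached.
        char[] trustPw = System.console().readPassword("Keystore password: ");
        char[] bindPw = System.console().readPassword("Password for %s: ", BIND_DN);
        DirContext ctx = connect(LDAPS_URL, TRUSTSTORE_PATH, trustPw, BIND_DN, bindPw);
        try {
            // Read the root DSE to confirm the simple bind succeeded over TLS.
            Attributes rootDse = ctx.getAttributes("", new String[] {"defaultNamingContext"});
            System.out.println("Connected; defaultNamingContext = "
                    + rootDse.get("defaultNamingContext").get());
        } finally {
            ctx.close();
        }
    }
}
```

A simple bind sends the password in clear inside the LDAP message, so the TLS session established against the trusted DC certificate is what protects it on the wire.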

