Microsoft Active Directory (AD) Lightweight Directory Access Protocol (LDAP) server system does not include an easy GUI method to create a CSR. The following guide includes typical recommendations for you to successfully enroll and implement an SSL certificate pfx file needed for your AD LDAP. Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012.

The typical procedure is as follows.

  1. Generate the CSR for your SSL certificate from one of the following methods.
  2. After the SSL certificate has been issued you will have to install it and its intermediate back on the system or application you used to generate the CSR from step 1.
  3. You will then Export and move the SSL Certificate with its private key as a .pfx off that system or application where your SSL certificate was installed.
  4. Now that you now have your .pfx file you will then move and import your SSL certificate .pfx into you AD-LDAP system from the steps below.

How to import your SSL .pfx  certificate into your LDAP system:
On your LDAP system you will Open and create a MMC Snap-In.

  1. Start > run > MMC.
  2. Go into the Console Tab > File > Add/Remove Snap-in.mmc
  3. Click on Add > Click on Certificates and click on Add.mmc
  4. In the Certificates snap-in window select Service account.
  5. Click Next.
    LDAP SSL Install
  6. In the Select Computer window select Local computer:the computer this console is running on).
  7. Click Next.
    LDAP SSL Install
  8. In the Certificates snap-in window select Active Directory Domain Services.
  9. Click Finish.
    LDAP SSL Install
  10. Back in the Add or Remove snap-ins window click OK.
    LDAP SSL Install
  11. In the Certificates snap-in window, select Active Directory Domain Services and then, click Finish.
    If you do not see Active Directory Domain Services as a option you will have to contact Microsoft for support. Click here.
  12. In the MMC Console expand Certificates – Service (Active Directory Domain Services).
  13. Right click on NTDS/Personal.
  14. Select Import.
    LDAP SSL Install
  15. In the Certificate Import Wizard, click Next.
    MMC Import
  16. On the File to Import page, click Browse.
  17. Specify the location and path of your SSL Certificate .pfx file, click Open.
    You may have to change the file type to all in order to find your .pfx file.
  18. Click Next.
    Pfx Import
  19. On the password window specify the password that is associated with your .pfx file when you created it.
  20. Check Mark this key as exportable…
  21. Check Include all extended properties.
  22. Click Next.
    import Password mmc
  23. On the Certificates Storage window leave the default selected and click Next.
    MMC Import
  24. Click Finish.

Your client systems should now be configured to your Domain Controllers.

Verifying your SSL certificate is configured successfully:

  1. Open the LDP console by performing a search for “LDP” run as an admin.
  2. In the User Account Control window, click Yes to allow the program to make changes to the computer.
  3. In Ldp, click Connection > Connect.
    Ldap installation check
  4. In the Connect window specify the following.
    1. Server: The hostname you are wanting to connect to.
    2. Port: specify the port of the hostname you wich to connect (636).
  5. Check SSL.
  6. Uncheck Connectionless.
  7. Click OK.
    ad ldap check
  8. You should receive a command output of the user name and the domain name for the binding.
  9. If you receive a message stating Cannot open connection message, then this means LDAP-over-SSL binding is not configured properly.
  10. Click OK.
    ad ldap check
  11. Back in LDP window, click Connection > Bind.
    ad ldap binding
  12. In the Bind window, click OK.
  13. The command output should display the user name and the domain name for the binding.

Your SSL certificate should now be installed on your LDAP system.

If you are unable to use these instructions for your server, Acmetek recommends that you contact either the vendor of your software or an organization that supports it.

Microsoft Support

For more information refer to Microsoft.

LoadingAdd to favorites

About SSLSupportDesk:

SSLSupportDesk is part of Acmetek who is a trusted advisor of security solutions and services. They provide comprehensive security solutions that include Encryption & Authentication (SSL), Endpoint Protection, Multi-factor Authentication, PKI/Digital Signing Certificates, DDOS, WAF and Malware Removal. If you are looking for security look no further. Acmetek has it all covered!

Contact an SSL Specialist to get a consultation on the Website Security Solutions that can fit your needs.

Become a Partner and create additional revenue stream while the heavy lifting for you.