Enabling SSL in Active Directory allows clients to communicate securely with AD servers. This is also required to allow a user’s Active Directory password to be changed programmatically using LDAP.
This article will show you how to install the Certificate Services in Windows 2003 to enable LDAP SSL in Active Directory.
Before beginning, make sure the Internet Information Server (IIS) is installed in your server.
Installing the Certificate Services
1. Click Start, select Control Panel and click Add or Remove Programs.
2. In the Add or Remove Programs window, click Add/Remove Windows Components, check the Certificate Services and click Next.
3. Click Next in the CA Type page.
4. Fill up the Common name for this CA and click Next.
5. Click Next in the Certificate Database Settings page.
6. The Certificate Services will now be installed.
7. Click Finish and restart your server.Configuring Automatic Certificate Request for Domain Controllers
1. Click Start, select Administrative Tools and click Domain Controller Security Policy.
2. In the Default Domain Controller Security Settings window, click the Public Key Policies folder.
3. Right click Automatic Certificate Request Settings, select New and click Automatic Certificate Request.
4. Click Next in the Automatic Certificate Request Setup Wizard.
5. Select Domain Controller in the Certificate Template page and click Next.
6. Click Finish and reboot your server.Check for Issued Certificate
1. Click Start, select Administrative Tools and click Certification Authority. This will launch the Certification Authority application.
2. In Certification Authority, click the + sign and check the Issued Certificates folder if your server has been issued a certificate.Make sure your server has been issued a certificate, otherwise SSL communication will not work.