红烧鱼

linux & windows management

 
 
 

About me
mac

Focused on IT infrastructure design and operations. Feel free to leave me a message or e-mail me at zjwsk@163.com


LDAP over SSL with Standalone or Enterprise CA

2013-04-19 09:39:39 | Category: Server Managemen

1. LDAP over SSL with a Third-party (Standalone) CA

1.1 Create the request.inf file
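;----------------- request.inf -----------------
[Version]
Signature="$Windows NT$"

[NewRequest]
; For LDAPS the CN must be the fully qualified DNS name of the domain controller.
Subject = "E=macj@xx.cn, CN=vsCqCAcn.macj4ca.com, OU=ISPC, O=macj, L=Redmond, S=CQ, C=CN"
KeySpec = 1 ; AT_KEYEXCHANGE
; 1024-bit RSA is weak by current standards; use 2048 or larger where the CA allows it.
KeyLength = 1024
; TRUE allows the private key to be exported from this machine.
Exportable = TRUE
; TRUE creates the key in the local machine store, which LDAPS requires.
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
; LDAPS requires a key generated by the Schannel provider (type 12).
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0 ; Digital Signature + Key Encipherment
FriendlyName = "LDAP over SSL"

[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ;Server Authentication
OID=1.3.6.1.5.5.7.3.2 ;Client Authentication
;-----------------------------------------------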

1.2 Create the REQ file. The command must be run locally on the server that is requesting the certificate:
    certreq -new request.inf request.req
1.3 Submit the certificate request and change the request settings. This returns a request ID; it is important, so make a note of it.
    certreq -attrib "CertificateTemplate:DomainController" <requestfile>
1.4 View the request info
    certutil -view -restrict RequestID=<RequestID>
1.5 Issue the certificate from the command line
    certutil -resubmit <RequestID>
1.6 Export the certificates
    certreq -retrieve <RequestID> certnew.cer certnew.p7b
1.7 Install the certificate
    certreq -accept certnew.p7b
    or certreq -accept certnew.cer
1.8 Verify
    certutil -viewstore My
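
As an added example (not part of the original post), this Python check lints a request.inf before step 1.2 against what an LDAPS certificate needs: a machine key set, the Schannel provider, the Server Authentication EKU and a host FQDN in the Subject CN. The 2048-bit floor and the warning on exportable keys are assumptions added here, and the function names are hypothetical.

```python
import re

SERVER_AUTH = "1.3.6.1.5.5.7.3.1"
SCHANNEL = "Microsoft RSA SChannel Cryptographic Provider"
# Constructed sample: the settings from the request.inf above that the checks read.
SAMPLE_INF = '''
[NewRequest]
Subject = "E=macj@xx.cn, CN=vsCqCAcn.macj4ca.com, OU=ISPC, O=macj, L=Redmond, S=CQ, C=CN"
KeyLength = 1024
Exportable = TRUE
MachineKeySet = TRUE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ;Server Authentication
OID=1.3.6.1.5.5.7.3.2 ;Client Authentication
'''

def parse_inf(text):
    """Return {section: [(key, value), ...]}, keeping repeated keys such as OID."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = re.sub(r'\s*;[^"]*$', "", raw).strip()  # drop ';' comments outside quotes
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].lower(), [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current.append((key.strip().lower(), value.strip().strip('"')))
    return sections

def lint_ldaps_request(text):
    """List settings that conflict with the LDAPS certificate requirements."""
    inf = parse_inf(text)
    req = dict(inf.get("newrequest", []))
    ekus = [v for k, v in inf.get("enhancedkeyusageextension", []) if k == "oid"]
    findings = []
    if int(req.get("keylength", "0")) < 2048:        # assumed minimum, not from the page
        findings.append("KeyLength below 2048 bits")
    if req.get("exportable", "").upper() == "TRUE":  # hardening choice, not an LDAPS rule
        findings.append("private key is exportable")
    if req.get("machinekeyset", "").upper() != "TRUE":
        findings.append("key is not created in the machine store")
    if req.get("providername") != SCHANNEL:
        findings.append("key is not generated by the Schannel provider")
    if SERVER_AUTH not in ekus:
        findings.append("Server Authentication EKU missing")
    cn = re.search(r"CN=([^,]+)", req.get("subject", ""))
    if not cn or "." not in cn.group(1):             # heuristic for "CN is the DC's FQDN"
        findings.append("Subject CN is not a fully qualified host name")
    return findings
```

Calling lint_ldaps_request(SAMPLE_INF) on the settings shown in step 1.1 reports the 1024-bit key and the exportable private key; the other LDAPS requirements pass.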
   


2. LDAP over SSL with Enterprise Root CA
LDAP over SSL/TLS (LDAPS) is automatically enabled when you install an Enterprise Root CA on a domain controller (although installing a CA on a domain controller is not a recommended practice).

When you have a multi-tier (such as a two-tier or three-tier) CA hierarchy, you will not automatically have the appropriate certificate for LDAPS authentication on the domain controller.

3. Useful Articles on LDAP over SSL

I was recently looking into an LDAP over SSL issue, and I found some very useful articles online…here they are:
