Add SSL Certificates in Active Directory

For CAs that are not well known, you must add the root CA certificate and intermediate certificate in Active Directory. These steps allow the root CA certificate to be installed in your client systems' Trusted Root stores. For example, you might need to take these steps if your organization uses an internal certificate service.

PowerShell Snap-in: Configuring SSL with the IIS PowerShell Snap-in

Based on an article from: http://www.iis.net/learn/manage/powershell/powershell-snap-in-configuring-ssl-with-the-iis-powershell-snap-in

Enabling SSL involves three steps:

  1. Acquiring and installing a certificate
  2. Creating an SSL binding in IIS
  3. Assigning the certificate to the IP:Port of the IIS binding

and optionally:

Using openssl to convert CA certificates to different types

PEM Format

The PEM format is the most common format that Certificate Authorities issue certificates in. PEM certificates usually have extensions such as .pem, .crt, .cer, and .key. They are Base64-encoded ASCII files and contain "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" statements. Server certificates, intermediate certificates, and private keys can all be put into the PEM format.

Secure LDAP in an Active Directory Environment

By default, the Microsoft LDAP implementation does not support secure LDAP. To set up secure LDAP using SSL, certificates must be installed on both sides: the LDAP Server and the LDAP Client. In this case, the LDAP Server is the domain controller running Active Directory. The LDAP Client is the UMRA software, either the UMRA Console application or the UMRA Service.

The certificates required to run secure LDAP using SSL can be configured in many ways. The concept is always the same:
