To enable SSL three steps are involved:
- Acquiring and installing a certificate
- Creating an SSL binding in IIS
- Assigning the certificate to the IP:Port of the IIS binding
The PEM format is the most common format that Certificate Authorities issue certificates in. PEM certificates usually have extentions such as .pem, .crt, .cer, and .key. They are Base64 encoded ASCII files and contain "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" statements. Server certificates, intermediate certificates, and private keys can all be put into the PEM format.
By default, the Microsoft LDAP implementation does not support secure LDAP. To setup secure LDAP using SSL, certificates must be installed on both sides, the LDAP Server and LDAP Client. In this case, the LDAP Server is the domain controller running Active Directory. The LDAP Client is the UMRA software, either the UMRA Console application or the UMRA Service.
The certificates required to run secure LDAP using SSL can be configured in many ways. The concept is always the same: