LDAPS Certificate Request for Third-Party Cert Question
Hello,

We are planning to enable LDAPS using a third-party cert, following http://support.microsoft.com/kb/321051.

External Public FQDN - ldap.external.com
Internal Domain Controller FQDN - dc01.internal.local

I am redirecting traffic from ldap.external.com to dc01.internal.local.

Question: Which FQDN do I mention in the request.inf file? Because if I mention the internal name it will not work well when connecting via the external FQDN.

Thanks in advance.
June 4th, 2012 12:35pm

ld = ldap_sslinit("external.domain.name", 636, 1);
Error 0 = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION, 3);
Error 81 = ldap_connect(hLdap, NULL);
Server error: <empty>
Error <0x51>: Fail to connect to external.domain.name.
June 20th, 2012 6:59pm

We were able to resolve the issue by using the SAN attribute, so the LDAPS cert can be used externally as well as internally. We used the following request file:

[Version]
Signature="$Windows NT$"

[NewRequest]
Subject="CN=internaldcname.local, O=Company, L=City, S=State, C=US" ; replace with the FQDN of the DC
KeySpec = 1
KeyLength = 2048
; Can be 1024, 2048, 4096, 8192, or 16384.
; Larger key sizes are more secure, but have
; a greater impact on performance.
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0

[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication

[RequestAttributes]
SAN=dns=internaldcname.local&dns=externaldcname.com
June 28th, 2012 3:00pm
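An added example, not code from the thread: the resolution above works because LDAPS clients match the connected hostname against the certificate's SAN dNSName entries (and ignore the Subject CN once a SAN extension is present). The script below parses a certreq-style "dns=a&dns=b" SAN value, applies the usual hostname-matching rules (exact match, or a single leftmost "*" label), and reports which of the names clients will use are not covered; the hostnames are constructed from the question. It also builds the SAN attribute line for a list of FQDNs.

```python
"""Check whether an LDAPS certificate's SAN list covers every FQDN clients use."""
import re

# A valid DNS label: letters, digits, hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$")


def parse_san_attribute(san: str) -> list[str]:
    """Split a certreq SAN value like 'dns=x.local&dns=y.com' into its
    lowercase dNSName entries; non-dns entries (ipaddress=, email=) are skipped."""
    names = []
    for entry in san.split("&"):
        kind, _, value = entry.strip().partition("=")
        if kind.strip().lower() == "dns" and value.strip():
            names.append(value.strip().lower().rstrip("."))
    return names


def dns_name_matches(presented: str, hostname: str) -> bool:
    """RFC 6125-style match: case-insensitive exact match, or a '*' that is the
    whole leftmost label and matches exactly one label. '*.com' is rejected."""
    presented = presented.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if presented == hostname:
        return True
    p_labels = presented.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:] and _LABEL.match(h_labels[0]) is not None


def uncovered_names(san: str, hostnames: list[str]) -> list[str]:
    """Return the hostnames that no SAN dNSName entry matches. A name that only
    appears in the Subject CN counts as uncovered, which is the thread's failure."""
    entries = parse_san_attribute(san)
    return [h for h in hostnames if not any(dns_name_matches(e, h) for e in entries)]


def san_attribute_for(hostnames: list[str]) -> str:
    """Build the [RequestAttributes] SAN value listing every FQDN as a dNSName."""
    return "&".join(f"dns={h}" for h in hostnames)


if __name__ == "__main__":
    # Constructed from the question: the DC's own name plus the public name.
    needed = ["dc01.internal.local", "ldap.external.com"]
    internal_only = "dns=dc01.internal.local"   # what a cert for the DC name alone covers
    print("not covered:", uncovered_names(internal_only, needed))  # ['ldap.external.com']
    print("SAN =", san_attribute_for(needed))
```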
