LDAPS Certificate Request for Third-Party Cert Question
Hello,
We are planning to enable LDAPS using a third-party cert. Following http://support.microsoft.com/kb/321051.
External Public FQDN - ldap.external.com
Internal Domain Controller FQDN - dc01.internal.local
I am redirecting traffic from ldap.external.com to dc01.internal.local.
Question: Which FQDN do I mention in the request.inf file? Because if I mention the internal name, it will not work well when connecting via the external FQDN.
Thanks in advance.
June 4th, 2012 12:35pm
ld = ldap_sslinit("external.domain.name", 636, 1);
Error 0 = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION, 3);
Error 81 = ldap_connect(hLdap, NULL);
Server error: <empty>
Error <0x51>: Fail to connect to external.domain.name.
June 20th, 2012 6:59pm
We were able to resolve the issue by using the SAN attribute so the LDAPS cert can be used externally as well as internally. We used the following request file:
[Version]
Signature="$Windows NT$"
[NewRequest]
Subject="CN=internaldcname.local, O=Company, L=City, S=State, C=US" ; replace with the FQDN of the DC
KeySpec = 1
KeyLength = 2048
; Can be 1024, 2048, 4096, 8192, or 16384.
; Larger key sizes are more secure, but have
; a greater impact on performance.
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication
[RequestAttributes]
SAN=dns=internaldcname.local&dns=externaldcname.com
June 28th, 2012 3:00pm
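Added example, not code from the thread or from the Microsoft KB article: it applies the hostname-matching rules LDAPS clients use (SAN dNSName entries are authoritative, the Subject CN is consulted only when the certificate carries no SAN, a wildcard covers exactly one leftmost label) to constructed certificates in the dict form that ssl.getpeercert() returns, and can also pull a live server's certificate; the hostnames and the fetch_ldaps_cert helper are assumptions.

```python
# Added example, not from the thread: check which client-facing names an LDAPS cert covers.
import socket
import ssl

def san_dns_names(cert):
    """dNSName SAN entries of a cert in ssl.getpeercert() dict form, lowercased."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def subject_cn(cert):
    """Subject commonName, or None; only consulted when the cert has no SAN."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value.lower()
    return None

def _name_match(pattern, hostname):
    """Exact match, or a wildcard replacing only the leftmost label (RFC 6125)."""
    hostname = hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    labels = hostname.split(".")
    return len(labels) > 2 and "*" not in pattern[2:] and ".".join(labels[1:]) == pattern[2:]

def names_covered(cert, hostnames):
    """Map each hostname to whether the certificate is valid for it."""
    candidates = san_dns_names(cert)  # when a SAN exists, the CN is ignored
    if not candidates:
        cn = subject_cn(cert)
        candidates = [cn] if cn else []
    return {h: any(_name_match(c, h) for c in candidates) for h in hostnames}

def fetch_ldaps_cert(host, port=636, timeout=5):
    """Server certificate of a live LDAPS endpoint, after normal chain validation."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed certificates mirroring the two cases in the thread (CN only vs CN + SAN).
CN_ONLY_CERT = {"subject": ((("commonName", "dc01.internal.local"),),)}
SAN_CERT = {
    "subject": ((("commonName", "dc01.internal.local"),),),
    "subjectAltName": (("DNS", "dc01.internal.local"), ("DNS", "ldap.external.com")),
}
REQUIRED = ["dc01.internal.local", "ldap.external.com"]

if __name__ == "__main__":
    for label, cert in (("CN only", CN_ONLY_CERT), ("CN + SAN", SAN_CERT)):
        print(label, names_covered(cert, REQUIRED))
```

Run it against a real DC with `names_covered(fetch_ldaps_cert("ldap.external.com"), REQUIRED)` once the cert is installed; a False for either name is the same failure ldp.exe reports as error 81 (0x51) above.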