I need to set up SSL over Active Directory. I googled a lot but could not find a decent write-up about how to do this. Please, if you know some good resources about this, let me know. Thanks!
4 solutions
#1
5
Sounds easy - but I ran into quite a few problems getting trusted connections with SSL working in our environment. The article was about ADAM but is just as applicable for AD. In our environment I couldn't install domain-related services like cert-server, nor act as domain-admin.
I blogged about how I got this working a while back
Dan and Erlend's postings were invaluable.
Took some backflips to get it done.
#2
1
The Lightweight Directory Access Protocol (LDAP) is used to read from and write to Active Directory. By default, LDAP traffic is transmitted unsecured. You can make LDAP traffic confidential and secure by using Secure Sockets Layer (SSL) / Transport Layer Security (TLS) technology. You can enable LDAP over SSL (LDAPS) by installing a properly formatted certificate from either a Microsoft certification authority (CA) or a non-Microsoft CA according to the guidelines in this article.
#3
0
Can you be more specific? What is the client trying to do? Active Directory supports LDAP over SSL by default. There is nothing that should be done to activate it. It is done on port 636/tcp. http://technet.microsoft.com/en-us/library/bb727063.aspx
#4
0
The absolute fastest way to install SSL into AD is to load MS certificate services. Once this is installed, all domain controllers will request a new certificate automatically and update themselves...
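An added example, not part of any answer above: a PowerShell check, run from a client machine, that a domain controller answers LDAPS on 636/tcp with a certificate the client trusts. The host name `dc01.example.test` is a placeholder; the OID tested is the standard Server Authentication EKU.

```powershell
# Added example: confirm LDAPS on a DC presents a certificate this client trusts.
param(
    [string]$Server = 'dc01.example.test',   # placeholder: FQDN of a domain controller
    [int]$Port = 636                          # LDAPS port named in the thread
)

$ssl = $null
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($Server, $Port)

    # No custom validation callback: the handshake only succeeds if the chain
    # builds to a root in this machine's trust store and the name matches $Server.
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
    try {
        $ssl.AuthenticateAsClient($Server)
    } catch {
        Write-Warning "TLS handshake to ${Server}:$Port failed: $($_.Exception.Message)"
        return
    }

    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

    # The certificate must carry the Server Authentication EKU (1.3.6.1.5.5.7.3.1).
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $serverAuth = $false
    if ($eku) {
        $serverAuth = @($eku.EnhancedKeyUsages |
            Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.1' }).Count -gt 0
    }

    [pscustomobject]@{
        Server        = $Server
        Protocol      = $ssl.SslProtocol
        Subject       = $cert.Subject
        Issuer        = $cert.Issuer
        NotAfter      = $cert.NotAfter
        DaysLeft      = [int]($cert.NotAfter - (Get-Date)).TotalDays
        ServerAuthEku = $serverAuth
    }
} finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}
```

A handshake warning here usually means the issuing CA is not in the client's trusted roots or the name used to connect is not in the certificate.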