# iRedMail Easy: Setup SSL support for Windows Active Directory

[TOC]

## Summary

Windows Active Directory requires a secure connection for updating a user's password from another host via the LDAP protocol. In this tutorial, we show you how to set up SSL support for Active Directory with a self-signed SSL certificate.

This tutorial has been tested on:

- Windows Server 2012

If it works for you on a different Windows Server version, please let us know.

## Enable Active Directory Certificate Services

- Click `Start` in the bottom-left corner of your Windows desktop, then click `Server Manager`.

![](./images/ad/start-server-manager.png)

- Click `Manage` in the top-right corner, then click `Add Roles and Features`.

![](./images/setup.ad.ssl/server-manager-add-roles-and-features.png){:width="1024px"}

- Click `Next`:

![](./images/setup.ad.ssl/setup_ad_ssl_1.png)

- Choose `Role-based or feature-based installation`. Click Next.

![](./images/setup.ad.ssl/setup_ad_ssl_2.png)

- Select your server from the server pool. Click Next.

![](./images/setup.ad.ssl/setup_ad_ssl_3.png)

- Choose `Active Directory Certificate Services` from the list, and click Next.

![](./images/setup.ad.ssl/setup_ad_ssl_4-1.png)

![](./images/setup.ad.ssl/setup_ad_ssl_4-2.png)

- Click Next directly without choosing any item from the list on the `Features` page.

![](./images/setup.ad.ssl/setup_ad_ssl_5.png)

- Click Next.

![](./images/setup.ad.ssl/setup_ad_ssl_6.png)

- Toggle on `Certificate Authority` and click Next.

![](./images/setup.ad.ssl/setup_ad_ssl_7.png)

- Click `Install` to install selected roles/features.

![](./images/setup.ad.ssl/setup_ad_ssl_8.png)

- It may take some time to finish. Once it has finished, close the wizard window.

![](./images/setup.ad.ssl/setup_ad_ssl_9.png)

## Create a self-signed certificate

Now let's create a certificate using the AD CS Configuration Wizard. To open the wizard:

- Click `Start` in the bottom-left corner of your Windows desktop, then click `Server Manager`.

![](./images/ad/start-server-manager.png)

- Click the `Alert Flag` in the top-right corner, then click `Configure Active Directory Certificate Services on the destination server`.

![](./images/setup.ad.ssl/server_manager_configuration_ad_certificate.png)

- Click `Next`:

![](./images/setup.ad.ssl/config_ad_ssl_1.png)

- Choose `Certification Authority`. Click Next.

![](./images/setup.ad.ssl/config_ad_ssl_2.png)

- Choose `Enterprise CA`. Click Next.

![](./images/setup.ad.ssl/config_ad_ssl_3.png)

- Choose `Root CA` as the type of CA, click Next.

![](./images/setup.ad.ssl/config_ad_ssl_4.png)

- Since we do not possess a private key yet, let's create a new one: choose `Create a new private key`, then click Next.

![](./images/setup.ad.ssl/config_ad_ssl_5.png)

- Choose `SHA1` as the hash algorithm, change the key length to `4096`, then click Next.

![](./images/setup.ad.ssl/config_ad_ssl_6.png)

- Click Next.

![](./images/setup.ad.ssl/config_ad_ssl_7.png)

- Specify the validity period of the certificate. Choose `99 years`. Click Next.

![](./images/setup.ad.ssl/config_ad_ssl_8.png)

- Choose default database locations, click Next.

![](./images/setup.ad.ssl/config_ad_ssl_9.png)

- Click Configure to confirm.

![](./images/setup.ad.ssl/config_ad_ssl_10.png)

- Once the configuration is complete, click Close.

![](./images/setup.ad.ssl/config_ad_ssl_11.png)

- Restart the system.

### Test LDAPS

After the system restarts, we can connect to the LDAP server over SSL.

Now let us try to connect to the LDAP server (with and without SSL) using the ldp.exe tool.

Connection strings:

- `LDAP:\\ad.iredmail.org:389`
- `LDAPS:\\ad.iredmail.org:636`

- Click `Start` in the bottom-left corner of your Windows desktop.
- Click `Search` in the top-right corner and enter `ldp.exe` in the input box.
- Open the `Connection` menu, fill in the following parameters, and click OK to connect:

![](./images/setup.ad.ssl/test_ldap_1.png)

- If the connection is successful, you will see the following message in the ldp.exe tool:

![](./images/setup.ad.ssl/test_ldap_2.png)

- To connect to LDAPS (LDAP over SSL), use port 636 and tick `SSL`. Click OK to connect.

![](./images/setup.ad.ssl/test_ldaps_1.png)

- If the connection is successful, you will see the following message in the ldp.exe tool:

![](./images/setup.ad.ssl/test_ldaps_2.png)
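As an added example that is not part of the iRedMail documentation, the following standard-library Python script is the client-side counterpart of the requirement stated in the Summary: it parses the two connection strings above, refuses to build an Active Directory password change unless the target is the LDAPS one, encodes the password the way the `unicodePwd` attribute expects, and fetches the server certificate from port 636 so it can be inspected. It assumes `ad.iredmail.org:636` is reachable for that last step and that the CA certificate has been exported to a PEM file passed as `cafile`; the change dict only mirrors the argument shape of the third-party `ldap3` library, which is not needed to run it.

```python
import socket
import ssl
from typing import NamedTuple, Optional


class LdapTarget(NamedTuple):
    host: str
    port: int
    use_ssl: bool


def parse_connection_string(conn: str) -> LdapTarget:
    """Parse e.g. 'LDAPS:\\\\ad.iredmail.org:636' (backslashes as written in the
    tutorial; forward slashes are accepted too) into host, port and SSL flag."""
    scheme, _, rest = conn.partition(":")
    scheme = scheme.upper()
    if scheme not in ("LDAP", "LDAPS"):
        raise ValueError(f"unsupported scheme: {scheme}")
    host, _, port = rest.lstrip("\\/").rpartition(":")
    if not host or not port.isdigit():
        raise ValueError(f"expected host:port, got {rest!r}")
    return LdapTarget(host, int(port), scheme == "LDAPS")


def encode_unicode_pwd(password: str) -> bytes:
    """AD takes a new password in the unicodePwd attribute as the password
    wrapped in double quotes and encoded as UTF-16LE."""
    return f'"{password}"'.encode("utf-16-le")


def build_password_modify(target: LdapTarget, user_dn: str, new_password: str) -> dict:
    """Build the modify-replace for a password reset (shaped like the changes
    dict ldap3's Connection.modify() accepts), but only for an LDAPS target:
    AD rejects unicodePwd changes on an unencrypted session, so fail early."""
    if not target.use_ssl:
        raise PermissionError(
            f"refusing to send a password to {target.host}:{target.port} without SSL")
    return {"dn": user_dn,
            "changes": {"unicodePwd": [("MODIFY_REPLACE", [encode_unicode_pwd(new_password)])]}}


def ldaps_peer_cert(target: LdapTarget, cafile: Optional[str] = None) -> dict:
    """Open a TLS session to the LDAPS port and return the server certificate as
    the ssl module parses it. With the self-signed CA from this tutorial this
    fails until the CA certificate is exported and passed as cafile (assumed path)."""
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((target.host, target.port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=target.host) as tls:
            return tls.getpeercert()
```

A verification failure from `ldaps_peer_cert` on a host that can reach port 636 almost always means the iRedMail server does not yet trust the new root CA, which is the first thing to check before blaming the AD side.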