This commit is contained in:
Zhang Huangbin 2018-09-14 15:16:46 +08:00
parent e545bf65c8
commit 97dfb746b2
1 changed files with 76 additions and 58 deletions


@ -62,7 +62,8 @@ setup SSL support for Active Directory with a self-signed ssl cert.</p>
<ul>
<li>Choose <code>Active Directory Certificate Services</code> from the list, and click Next.</li>
</ul>
<p><img alt="" src="./images/setup.ad.ssl/setup_ad_ssl_4.png" /></p>
<p><img alt="" src="./images/setup.ad.ssl/setup_ad_ssl_4-1.png" /></p>
<p><img alt="" src="./images/setup.ad.ssl/setup_ad_ssl_4-2.png" /></p>
<ul>
<li>Click Next directly without choosing any item from list on the <code>Features</code> page.</li>
</ul>
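Review bot: the three new `<img>` tags in this hunk (`setup_ad_ssl_4.png`, `setup_ad_ssl_4-1.png`, `setup_ad_ssl_4-2.png`) carry `alt=""`, whereas the images this page previously used had descriptive alt text such as `alt="setup_ldaps_10"`; keeping a short alt (for example `alt="Select Active Directory Certificate Services"`) preserves accessibility and gives the reader a hint when an image fails to load. Minor wording in the new `Features` step: "without choosing any item from list on the Features page" reads better as "without choosing any item from the list on the Features page".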
@ -84,73 +85,90 @@ setup SSL support for Active Directory with a self-signed ssl cert.</p>
</ul>
<p><img alt="" src="./images/setup.ad.ssl/setup_ad_ssl_9.png" /></p>
<h2 id="create-a-self-signed-certificate">Create a self-signed certificate</h2>
<p>Now lets create a certificate using AD CS Configuration Wizard. To open the wizard, click on “Configure Active Directory Certificate Services on the destination server” in the above screen. And then click Close. We can use the currently logged on user azureuser to configure role services since it belongs to the local Administrators group. Click Next.</p>
<p><img alt="setup_ldaps_10" src="./images/windows_ad/setup_ldaps/setup_ldaps_10.png" /></p>
<ol>
<li>Choose Certification Authority from the list of roles. Click Next.</li>
</ol>
<p><img alt="setup_ldaps_11" src="./images/windows_ad/setup_ldaps/setup_ldaps_11.png" /></p>
<ol>
<li>Since this is a local box setup without a domain, we are going to choose a Enterprise CA. Click Next.</li>
</ol>
<p><img alt="setup_ldaps_12" src="./images/windows_ad/setup_ldaps/setup_ldaps_12.png" /></p>
<ol>
<li>Choosing Root CA as the type of CA, click Next.</li>
</ol>
<p><img alt="setup_ldaps_13" src="./images/windows_ad/setup_ldaps/setup_ldaps_13.png" /></p>
<ol>
<li>Since we do not possess a private key lets create a new one. Click Next.</li>
</ol>
<p><img alt="setup_ldaps_14" src="./images/windows_ad/setup_ldaps/setup_ldaps_14.png" /></p>
<ol>
<li>Choosing SHA1 as the Hash algorithm. Click Next.</li>
</ol>
<p><img alt="setup_ldaps_15" src="./images/windows_ad/setup_ldaps/setup_ldaps_15.png" /></p>
<ol>
<p>Now lets create a certificate using AD CS Configuration Wizard, To open the wizard:</p>
<ul>
<li>Click <code>Start</code> on bottom-left corner of your Windows OS, click <code>Server Manager</code>.</li>
</ul>
<p><img alt="" src="./images/setup.ad.ssl/start-server-manager.png" /></p>
<ul>
<li>Click <code>Alert Flag</code> on top-right corner, click <code>Configure Active Directory Certificate Services on the destincation server</code>.</li>
</ul>
<p><img alt="" src="./images/setup.ad.ssl/server_manager_configuration_ad_certificate.png" /></p>
<ul>
<li>Click <code>Next</code>:</li>
</ul>
<p><img alt="" src="./images/setup.ad.ssl/config_ad_ssl_1.png" /></p>
<ul>
<li>Choose <code>Certification Authority</code>. Click Next.</li>
</ul>
<p><img alt="" src="./images/setup.ad.ssl/config_ad_ssl_2.png" /></p>
<ul>
<li>Choose <code>Enterprise CA</code>. Click Next.</li>
</ul>
<p><img alt="" src="./images/setup.ad.ssl/config_ad_ssl_3.png" /></p>
<ul>
<li>Choose <code>Root CA</code> as the type of CA, click Next.</li>
</ul>
<p><img alt="" src="./images/setup.ad.ssl/config_ad_ssl_4.png" /></p>
<ul>
<li>Since we do not possess a private key lets create a new one. choose <code>Create a new private key</code>, Click Next.</li>
</ul>
<p><img alt="" src="./images/setup.ad.ssl/config_ad_ssl_5.png" /></p>
<ul>
<li>Choose <code>SHA1</code> as the Hash algorithm, change key lenth to <code>4096</code>, Click Next.</li>
</ul>
<p><img alt="" src="./images/setup.ad.ssl/config_ad_ssl_6.png" /></p>
<ul>
<li>Click Next.</li>
</ol>
<p><img alt="setup_ldaps_16" src="./images/windows_ad/setup_ldaps/setup_ldaps_16.png" /></p>
<ol>
<li>Specifying validity period of the certificate. Choosing 99 years. Click Next.</li>
</ol>
<p><img alt="setup_ldaps_17" src="./images/windows_ad/setup_ldaps/setup_ldaps_17.png" /></p>
<ol>
<li>Choosing default database locations, click Next.</li>
</ol>
<p><img alt="setup_ldaps_18" src="./images/windows_ad/setup_ldaps/setup_ldaps_18.png" /></p>
<ol>
</ul>
<p><img alt="" src="./images/setup.ad.ssl/config_ad_ssl_7.png" /></p>
<ul>
<li>Specifying validity period of the certificate. Choosing <code>99 years</code>. Click Next.</li>
</ul>
<p><img alt="" src="./images/setup.ad.ssl/config_ad_ssl_8.png" /></p>
<ul>
<li>Choose default database locations, click Next.</li>
</ul>
<p><img alt="" src="./images/setup.ad.ssl/config_ad_ssl_9.png" /></p>
<ul>
<li>Click Configure to confirm.</li>
</ol>
<p><img alt="setup_ldaps_19" src="./images/windows_ad/setup_ldaps/setup_ldaps_19.png" /></p>
<ol>
</ul>
<p><img alt="" src="./images/setup.ad.ssl/config_ad_ssl_10.png" /></p>
<ul>
<li>Once the configuration is successful/complete. Click Close.</li>
</ol>
<p><img alt="setup_ldaps_20" src="./images/windows_ad/setup_ldaps/setup_ldaps_20.png" /></p>
<ol>
</ul>
<p><img alt="" src="./images/setup.ad.ssl/config_ad_ssl_11.png" /></p>
<ul>
<li>Restart system.</li>
</ol>
</ul>
<h3 id="test-ldaps">Test LDAPS</h3>
<p>After restart system, we can connect to the LDAP server over SSL.
Now let us try to connect to LDAP Server (with and without SSL) using the ldp.exe tool.</p>
<p>Connection strings for:
- <code>LDAP:\\ad.iredmail.org:389</code>
- <code>LDAPS:\\ad.iredmail.org:636</code></p>
<ol>
<li>Click on Start --&gt; Search ldp.exe --&gt; Connection and fill in the following parameters and click OK to connect:</li>
</ol>
<p><img alt="test_ldap_1" src="./images/windows_ad/setup_ldaps/test_ldap_1.png" /></p>
<ol>
<p>Connection strings for:</p>
<ul>
<li><code>LDAP:\\ad.iredmail.org:389</code></li>
<li>
<p><code>LDAPS:\\ad.iredmail.org:636</code></p>
</li>
<li>
<p>Click <code>Start</code> on bottom-left corner of your Windows OS,</p>
</li>
<li>Click <code>Search</code> on top-right corner, enter <code>ldp.exe</code> in the input box. </li>
<li>Connection and fill in the following parameters and click OK to connect:</li>
</ul>
<p><img alt="" src="./images/setup.ad.ssl/test_ldap_1.png" /></p>
<ul>
<li>If Connection is successful, you will see the following message in the ldp.exe tool:</li>
</ol>
<p><img alt="test_ldap_2" src="./images/windows_ad/setup_ldaps/test_ldap_2.png" /></p>
<ol>
</ul>
<p><img alt="" src="./images/setup.ad.ssl/test_ldap_2.png" /></p>
<ul>
<li>To Connect to LDAPS (LDAP over SSL), use port 636 and mark SSL. Click OK to connect.</li>
</ol>
<p><img alt="test_ldaps_1" src="./images/windows_ad/setup_ldaps/test_ldaps_1.png" /></p>
<ol>
</ul>
<p><img alt="" src="./images/setup.ad.ssl/test_ldaps_1.png" /></p>
<ul>
<li>If connection is successful, you will see the following message in the ldp.exe tool:</li>
</ol>
<p><img alt="test_ldaps_2" src="./images/windows_ad/setup_ldaps/test_ldaps_2.png" /></p><div class="footer">
</ul>
<p><img alt="" src="./images/setup.ad.ssl/test_ldaps_2.png" /></p><div class="footer">
<p style="text-align: center; color: grey;">All documents are available in <a href="https://bitbucket.org/zhb/iredmail-docs/src">BitBucket repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://bitbucket.org/zhb/iredmail-docs/get/tip.tar.bz2">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
</div>
<!-- Global site tag (gtag.js) - Google Analytics -->
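Review bot: the replacement step `Choose <code>SHA1</code> as the Hash algorithm, change key lenth to <code>4096</code>` raises the key length but keeps SHA-1 for the new root CA; SHA-1 certificate signatures are deprecated and rejected by current TLS clients, so the step should direct readers to choose SHA256 in the same wizard dialog (and fix the typo `lenth`). Combined with the `99 years` validity step a few lines later, the page as written produces a very long-lived root signed with a weak hash, so at minimum the hash choice should change. Other points in this hunk: `destincation` should be `destination`; `lets` should be `let's` in both "Now lets create a certificate" and "lets create a new one"; the connection strings `LDAP:\\ad.iredmail.org:389` and `LDAPS:\\ad.iredmail.org:636` use backslashes, where the URL form is `ldap://ad.iredmail.org:389` and `ldaps://ad.iredmail.org:636`; and under "Test LDAPS" the two connection strings and the ldp.exe click steps have been merged into one `<ul>`, with some items wrapped in `<p>` and others not (the `LDAPS` and `Click Start` items), which indicates a stray blank line in the Markdown source, so they should be split into two separate lists. As in the previous hunk, every new `<img>` in this hunk has `alt=""` while the removed lines had descriptive alt text.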