183 lines
7.8 KiB
HTML
183 lines
7.8 KiB
HTML
<!DOCTYPE html>
|
||
<html>
|
||
<head>
|
||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||
<title>iRedMail Easy: Setup SSL support for Windows Active Directory</title>
|
||
<link rel="stylesheet" type="text/css" href="./css/markdown.css" />
|
||
</head>
|
||
<body>
|
||
|
||
<div id="navigation">
|
||
<a href="https://www.iredmail.org" target="_blank">
|
||
<img alt="iRedMail web site"
|
||
src="./images/logo-iredmail.png"
|
||
style="vertical-align: middle; height: 30px;"
|
||
/>
|
||
<span>iRedMail</span>
|
||
</a>
|
||
// <a href="./index.html">Document Index</a></div><h1 id="iredmail-easy-setup-ssl-support-for-windows-active-directory">iRedMail Easy: Setup SSL support for Windows Active Directory</h1>
|
||
<div class="toc">
|
||
<ul>
|
||
<li><a href="#iredmail-easy-setup-ssl-support-for-windows-active-directory">iRedMail Easy: Setup SSL support for Windows Active Directory</a><ul>
|
||
<li><a href="#summary">Summary</a></li>
|
||
<li><a href="#enable-active-directory-certificate-services">Enable Active Directory Certificate Services</a></li>
|
||
<li><a href="#create-a-self-signed-certificate">Create a self-signed certificate</a><ul>
|
||
<li><a href="#test-ldaps">Test LDAPS</a></li>
|
||
</ul>
|
||
</li>
|
||
</ul>
|
||
</li>
|
||
</ul>
|
||
</div>
|
||
<h2 id="summary">Summary</h2>
|
||
<p>Windows Active Directory requires secure connection for updating user password
|
||
from another host via LDAP protocol. In this tutorial, we will show you how to
|
||
setup SSL support for Active Directory with a self-signed ssl cert.</p>
|
||
<p>This tutorial has been tested on:</p>
|
||
<ul>
|
||
<li>Windows Server 2012</li>
|
||
</ul>
|
||
<p>If it works for you on different Windows Server version, please let us know.</p>
|
||
<h2 id="enable-active-directory-certificate-services">Enable Active Directory Certificate Services</h2>
|
||
<ul>
|
||
<li>Click <code>Start</code> on bottom-left corner of your Windows OS, click <code>Server Manager</code>.</li>
|
||
</ul>
|
||
<p><img alt="" src="./images/ad/start-server-manager.png" /></p>
|
||
<ul>
|
||
<li>Click <code>Manage</code> on top-right corner, click <code>Add Roles and Features</code>.</li>
|
||
</ul>
|
||
<p><img alt="" src="./images/setup.ad.ssl/server-manager-add-roles-and-features.png" width="1024px" /></p>
|
||
<ul>
|
||
<li>Click <code>Next</code>:</li>
|
||
</ul>
|
||
<p><img alt="" src="./images/setup.ad.ssl/setup_ad_ssl_1.png" /></p>
|
||
<ul>
|
||
<li>Choose <code>Role-based or feature-based installation</code>. Click Next.</li>
|
||
</ul>
|
||
<p><img alt="" src="./images/setup.ad.ssl/setup_ad_ssl_2.png" /></p>
|
||
<ul>
|
||
<li>Select your server from the server pool. Click Next.</li>
|
||
</ul>
|
||
<p><img alt="" src="./images/setup.ad.ssl/setup_ad_ssl_3.png" /></p>
|
||
<ul>
|
||
<li>Choose <code>Active Directory Certificate Services</code> from the list, and click Next.</li>
|
||
</ul>
|
||
<p><img alt="" src="./images/setup.ad.ssl/setup_ad_ssl_4-1.png" /></p>
|
||
<p><img alt="" src="./images/setup.ad.ssl/setup_ad_ssl_4-2.png" /></p>
|
||
<ul>
|
||
<li>Click Next directly without choosing any item from list on the <code>Features</code> page.</li>
|
||
</ul>
|
||
<p><img alt="" src="./images/setup.ad.ssl/setup_ad_ssl_5.png" /></p>
|
||
<ul>
|
||
<li>Click Next.</li>
|
||
</ul>
|
||
<p><img alt="" src="./images/setup.ad.ssl/setup_ad_ssl_6.png" /></p>
|
||
<ul>
|
||
<li>Toggle on <code>Certificate Authority</code> and click Next.</li>
|
||
</ul>
|
||
<p><img alt="" src="./images/setup.ad.ssl/setup_ad_ssl_7.png" /></p>
|
||
<ul>
|
||
<li>Click <code>Install</code> to install selected roles/features.</li>
|
||
</ul>
|
||
<p><img alt="" src="./images/setup.ad.ssl/setup_ad_ssl_8.png" /></p>
|
||
<ul>
|
||
<li>It may take some time to finish, after finished, close the wizard window.</li>
|
||
</ul>
|
||
<p><img alt="" src="./images/setup.ad.ssl/setup_ad_ssl_9.png" /></p>
|
||
<h2 id="create-a-self-signed-certificate">Create a self-signed certificate</h2>
|
||
<p>Now let’s create a certificate using AD CS Configuration Wizard, To open the wizard:</p>
|
||
<ul>
|
||
<li>Click <code>Start</code> on bottom-left corner of your Windows OS, click <code>Server Manager</code>.</li>
|
||
</ul>
|
||
<p><img alt="" src="./images/ad/start-server-manager.png" /></p>
|
||
<ul>
|
||
<li>Click <code>Alert Flag</code> on top-right corner, click <code>Configure Active Directory Certificate Services on the destincation server</code>.</li>
|
||
</ul>
|
||
<p><img alt="" src="./images/setup.ad.ssl/server_manager_configuration_ad_certificate.png" /></p>
|
||
<ul>
|
||
<li>Click <code>Next</code>:</li>
|
||
</ul>
|
||
<p><img alt="" src="./images/setup.ad.ssl/config_ad_ssl_1.png" /></p>
|
||
<ul>
|
||
<li>Choose <code>Certification Authority</code>. Click Next.</li>
|
||
</ul>
|
||
<p><img alt="" src="./images/setup.ad.ssl/config_ad_ssl_2.png" /></p>
|
||
<ul>
|
||
<li>Choose <code>Enterprise CA</code>. Click Next.</li>
|
||
</ul>
|
||
<p><img alt="" src="./images/setup.ad.ssl/config_ad_ssl_3.png" /></p>
|
||
<ul>
|
||
<li>Choose <code>Root CA</code> as the type of CA, click Next.</li>
|
||
</ul>
|
||
<p><img alt="" src="./images/setup.ad.ssl/config_ad_ssl_4.png" /></p>
|
||
<ul>
|
||
<li>Since we do not possess a private key – let’s create a new one. choose <code>Create a new private key</code>, Click Next.</li>
|
||
</ul>
|
||
<p><img alt="" src="./images/setup.ad.ssl/config_ad_ssl_5.png" /></p>
|
||
<ul>
|
||
<li>Choose <code>SHA1</code> as the Hash algorithm, change key lenth to <code>4096</code>, Click Next.</li>
|
||
</ul>
|
||
<p><img alt="" src="./images/setup.ad.ssl/config_ad_ssl_6.png" /></p>
|
||
<ul>
|
||
<li>Click Next.</li>
|
||
</ul>
|
||
<p><img alt="" src="./images/setup.ad.ssl/config_ad_ssl_7.png" /></p>
|
||
<ul>
|
||
<li>Specifying validity period of the certificate. Choosing <code>99 years</code>. Click Next.</li>
|
||
</ul>
|
||
<p><img alt="" src="./images/setup.ad.ssl/config_ad_ssl_8.png" /></p>
|
||
<ul>
|
||
<li>Choose default database locations, click Next.</li>
|
||
</ul>
|
||
<p><img alt="" src="./images/setup.ad.ssl/config_ad_ssl_9.png" /></p>
|
||
<ul>
|
||
<li>Click Configure to confirm.</li>
|
||
</ul>
|
||
<p><img alt="" src="./images/setup.ad.ssl/config_ad_ssl_10.png" /></p>
|
||
<ul>
|
||
<li>Once the configuration is successful/complete. Click Close.</li>
|
||
</ul>
|
||
<p><img alt="" src="./images/setup.ad.ssl/config_ad_ssl_11.png" /></p>
|
||
<ul>
|
||
<li>Restart system.</li>
|
||
</ul>
|
||
<h3 id="test-ldaps">Test LDAPS</h3>
|
||
<p>After restart system, we can connect to the LDAP server over SSL.
|
||
Now let us try to connect to LDAP Server (with and without SSL) using the ldp.exe tool.</p>
|
||
<p>Connection strings for:</p>
|
||
<ul>
|
||
<li><code>LDAP:\\ad.iredmail.org:389</code></li>
|
||
<li>
|
||
<p><code>LDAPS:\\ad.iredmail.org:636</code></p>
|
||
</li>
|
||
<li>
|
||
<p>Click <code>Start</code> on bottom-left corner of your Windows OS,</p>
|
||
</li>
|
||
<li>Click <code>Search</code> on top-right corner, enter <code>ldp.exe</code> in the input box.</li>
|
||
<li>Connection and fill in the following parameters and click OK to connect:</li>
|
||
</ul>
|
||
<p><img alt="" src="./images/setup.ad.ssl/test_ldap_1.png" /></p>
|
||
<ul>
|
||
<li>If Connection is successful, you will see the following message in the ldp.exe tool:</li>
|
||
</ul>
|
||
<p><img alt="" src="./images/setup.ad.ssl/test_ldap_2.png" /></p>
|
||
<ul>
|
||
<li>To Connect to LDAPS (LDAP over SSL), use port 636 and mark SSL. Click OK to connect.</li>
|
||
</ul>
|
||
<p><img alt="" src="./images/setup.ad.ssl/test_ldaps_1.png" /></p>
|
||
<ul>
|
||
<li>If connection is successful, you will see the following message in the ldp.exe tool:</li>
|
||
</ul>
|
||
<p><img alt="" src="./images/setup.ad.ssl/test_ldaps_2.png" /></p><div class="footer">
|
||
<p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">BitBucket repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
|
||
</div>
|
||
<!-- Global site tag (gtag.js) - Google Analytics -->
|
||
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-3293801-21"></script>
|
||
<script>
|
||
window.dataLayer = window.dataLayer || [];
|
||
function gtag(){dataLayer.push(arguments);}
|
||
gtag('js', new Date());
|
||
|
||
gtag('config', 'UA-3293801-21');
|
||
</script>
|
||
</body></html> |