elmau
/
iredmail-doc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
iredmail-doc/en_US/iredmail-easy/0-iredmail-easy.setup.ad.ss...

4.2 KiB
Raw Blame History

iRedMail Easy: Setup SSL support for Windows Active Directory

[TOC]

Summary

Windows Active Directory requires secure connection for updating user password from another host via LDAP protocol. In this tutorial, we will show you how to setup SSL support for Active Directory with a self-signed ssl cert.

This tutorial has been tested on:

  • Windows Server 2012

If it works for you on different Windows Server version, please let us know.

Enable Active Directory Certificate Services

  • Click Start on bottom-left corner of your Windows OS, click Server Manager.

  • Click Manage on top-right corner, click Add Roles and Features.

{:width="1024px"}

  • Click Next:

  • Choose Role-based or feature-based installation. Click Next.

  • Select your server from the server pool. Click Next.

  • Choose Active Directory Certificate Services from the list, and click Next.

  • Click Next directly without choosing any item from list on the Features page.

  • Click Next.

  • Toggle on Certificate Authority and click Next.

  • Click Install to install selected roles/features.

  • It may take some time to finish, after finished, close the wizard window.

Create a self-signed certificate

Now lets create a certificate using AD CS Configuration Wizard, To open the wizard:

  • Click Start on bottom-left corner of your Windows OS, click Server Manager.

  • Click Alert Flag on top-right corner, click Configure Active Directory Certificate Services on the destincation server.

  • Click Next:

  • Choose Certification Authority. Click Next.

  • Choose Enterprise CA. Click Next.

  • Choose Root CA as the type of CA, click Next.

  • Since we do not possess a private key lets create a new one. choose Create a new private key, Click Next.

  • Choose SHA1 as the Hash algorithm, change key lenth to 4096, Click Next.

  • Click Next.

  • Specifying validity period of the certificate. Choosing 99 years. Click Next.

  • Choose default database locations, click Next.

  • Click Configure to confirm.

  • Once the configuration is successful/complete. Click Close.

  • Restart system.

Test LDAPS

After restart system, we can connect to the LDAP server over SSL. Now let us try to connect to LDAP Server (with and without SSL) using the ldp.exe tool.

Connection strings for:

  • LDAP:\\ad.iredmail.org:389

  • LDAPS:\\ad.iredmail.org:636

  • Click Start on bottom-left corner of your Windows OS,

  • Click Search on top-right corner, enter ldp.exe in the input box.

  • Connection and fill in the following parameters and click OK to connect:

  • If Connection is successful, you will see the following message in the ldp.exe tool:

  • To Connect to LDAPS (LDAP over SSL), use port 636 and mark SSL. Click OK to connect.

  • If connection is successful, you will see the following message in the ldp.exe tool: