Note: Only LDAP data transfers are exposed. Other authentication or authorization data using Kerberos, SASL, and even NTLM have their own encryption systems. The Microsoft Management Console (MMC) snap-ins have used LDAP sign and seal or Simple Authentication and Security Layer (SASL) since Windows 2000 SP4, and replication between domain controllers is encrypted using Kerberos.
Warning: Before you install a certification authority (CA), you should be aware that you are creating or extending a public key infrastructure (PKI). Be sure to design a PKI that is appropriate for your organization. See PKI Design Brief Overview for additional information.
To request a certificate from your LDAPSL server, do the following on each domain controller that requires LDAPS connections:
Kurt L Hudson edited Revision 35. Comment: Updated based on additional feedback from Matthew Rimer