Note Only LDAP data transfers are exposed. Other authentication or authorization data using Kerberos, SASL, and even NTLM have their own encryption systems. The Microsoft Management Console (mmc) snap-ins, since Windows 2000 SP4 have used LDAP sign and seal or Simple Authentication and Security Layer (SASL) and replication between domain controllers is encrypted using Kerberos.
Warning Before you install a certification authority (CA), you should be aware that you are creating or extending a public key infrastructure (PKI). Be sure to design a PKI that is appropriate for your organization. See PKI Design Brief Overview for additional information.
To request a certificate from your LDAPSL server, do the following on each domain controller that requires LDAPS connections:
Kurt L Hudson edited Revision 25. Comment: Updated the title of the Export and Import section to be more accruate
Kurt L Hudson edited Revision 24. Comment: Completed the export/import instructions - still need to verify and insert appropriate screen captures
Kurt L Hudson edited Revision 23. Comment: Completed the information for how to export the certificate as well as for marking the Private Key exportable.
Kurt L Hudson edited Revision 22. Comment: Removed the warning about under construction from the TOC by reducing to normal text
Kurt L Hudson edited Revision 21. Comment: Updated formatting, made some corrections and additions, clearly identified section that is under construction
Kurt L Hudson edited Revision 20. Comment: Completed the steps and screen captures for certificate issuance and request
Kurt L Hudson edited Revision 19. Comment: Finished the certificate template duplication procedure.
Kurt L Hudson edited Revision 18. Comment: Work in progress on this article. I am writing up the steps to publish the actual certificate as well as import that certificate into the Services store.
Kurt L Hudson edited Revision 17. Comment: updated the information to discuss the NTDS certificate store, but I plan to elaborate in near future.
Kurt L Hudson edited Revision 16. Comment: working on an update at this time, but lost cursor. Saving work now and will be making further updates
Kurt L Hudson edited Revision 34. Comment: Updated based on additional feedback from Matthew Rimer
Kurt L Hudson edited Revision 35. Comment: Updated based on additional feedback from Matthew Rimer
Kurt L Hudson edited Revision 36. Comment: Updated formatting
Kurt L Hudson edited Revision 37. Co