Not sure about putting the CA on a DC, but I can't think why it would be a requirement. You would need a cert for LDAPS.
This is probably where the recommendation came from to use an Enterprise CA:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;247078

However, in light of the question, I think this answers your question:
http://www.microsoft.com/technet/security/guidance/secmod154.mspx
http://support.microsoft.com/default.aspx?scid=kb;en-us;321051

As long as you're not using SMTP for transport, apparently:
http://support.microsoft.com/default.aspx?scid=kb;en-us;222962

Overall, I think the *story* needs to be considered and these articles re-written (hint hint to MS).

Al

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CIT)
Sent: Thursday, May 20, 2004 10:55 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] LDAPS to DCs

I think this thread has been on here before, but I just wanted to verify it once more. In order to use LDAPS on DCs, Microsoft documentation says a CA needs to be installed on the DC. Does anyone have any information on other methods to do LDAPS without the CA requirement?

Thanks,
Todd

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
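The practical check behind this thread is whether the DC holds a certificate that satisfies the LDAPS requirements in KB 321051 (Local Computer Personal store, private key present, Server Authentication EKU, the DC's FQDN in the subject CN or SAN, issued by a CA the DC and its clients trust) and whether the DC then actually serves it on TCP 636. The script below is an added example, not code from the thread or from Microsoft: it runs on the DC, grades every certificate in LocalMachine\My against those requirements, then opens a TLS handshake to port 636 and reports the certificate Schannel really picked. Function names, parameter names and the OID constant are this example's own; it assumes Windows PowerShell 3 or later (for the EnhancedKeyUsageList and DnsNameList properties PowerShell adds to X509Certificate2) and that the machine's own FQDN is the LDAPS name clients will use.

```powershell
# Added example (not from the thread). Assumes Windows PowerShell 3+ on the DC itself.
param(
    # Assumed: the DC's own FQDN is the name clients connect to over LDAPS.
    [string]$DcFqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName,
    [int]$Port = 636
)

# Enhanced Key Usage OID for Server Authentication, required by KB 321051.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'

# Grade one certificate against the KB 321051 requirements; returns the list of
# problems found (empty list means the certificate is usable for LDAPS).
function Test-LdapsCertificate {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [string]$Fqdn
    )
    $now = Get-Date
    $problems = @()

    if (-not $Cert.HasPrivateKey)   { $problems += 'no private key bound to the certificate' }
    if ($Cert.NotAfter -le $now)    { $problems += "expired on $($Cert.NotAfter)" }
    if ($Cert.NotBefore -gt $now)   { $problems += "not valid until $($Cert.NotBefore)" }

    # EnhancedKeyUsageList is empty when the EKU extension is absent, which also fails.
    if (-not ($Cert.EnhancedKeyUsageList | Where-Object { $_.ObjectId -eq $serverAuthOid })) {
        $problems += 'Enhanced Key Usage does not include Server Authentication'
    }

    # DnsNameList holds the SAN DNS entries, or the subject CN when there is no SAN.
    $names = @($Cert.DnsNameList | ForEach-Object { $_.Unicode })
    if ($names -notcontains $Fqdn) {
        $problems += "neither SAN nor CN carries $Fqdn (found: $($names -join ', '))"
    }

    # Verify() builds and validates the chain with the machine's trust and revocation
    # settings; a CA the DC does not trust fails here, whether or not it is an Enterprise CA.
    if (-not $Cert.Verify()) { $problems += 'certificate chain does not validate on this host' }

    [pscustomobject]@{
        Thumbprint = $Cert.Thumbprint
        Subject    = $Cert.Subject
        Issuer     = $Cert.Issuer
        Problems   = $problems
    }
}

# Open a TLS session to the LDAPS port and report the certificate the DC served.
# SslStream's default validation rejects untrusted chains and name mismatches, so a
# bad certificate surfaces as an AuthenticationException rather than a silent success.
function Test-LdapsHandshake {
    param([string]$Fqdn, [int]$Port)
    $tcp = New-Object System.Net.Sockets.TcpClient($Fqdn, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
        try {
            $ssl.AuthenticateAsClient($Fqdn)
            $served = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
            [pscustomobject]@{
                Protocol   = $ssl.SslProtocol
                Thumbprint = $served.Thumbprint
                Subject    = $served.Subject
                Issuer     = $served.Issuer
            }
        } finally { $ssl.Dispose() }
    } finally { $tcp.Dispose() }
}

# 1. Grade everything in the Local Computer Personal store.
$graded = Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-LdapsCertificate -Cert $_ -Fqdn $DcFqdn }

foreach ($g in $graded) {
    $state = if ($g.Problems.Count -eq 0) { 'USABLE  ' } else { 'REJECTED' }
    "$state $($g.Thumbprint)  $($g.Subject)  <- $($g.Issuer)"
    foreach ($p in $g.Problems) { "           - $p" }
}

# 2. See which certificate Schannel actually serves on the LDAPS port.
try {
    $live = Test-LdapsHandshake -Fqdn $DcFqdn -Port $Port
    "LDAPS on ${DcFqdn}:$Port answered with $($live.Protocol); served $($live.Thumbprint) ($($live.Subject))"
    if (-not ($graded | Where-Object { $_.Thumbprint -eq $live.Thumbprint -and $_.Problems.Count -eq 0 })) {
        'WARNING: the certificate served on 636 is not one that passed the checks above'
    }
} catch {
    "LDAPS handshake to ${DcFqdn}:$Port failed: $($_.Exception.Message)"
}
```

Two points the grading alone does not tell you, which is why the handshake step is there: Schannel chooses the certificate itself, so if several pass the checks the one reported by the handshake is the one clients get; and a certificate installed after the directory service started is not picked up until the DC is restarted (on the Windows 2000/2003 DCs this thread is about), so a REJECTED or missing certificate on 636 right after enrolment is expected until then. Nothing here requires a CA role on the DC: the chain check only asks whether the issuer, Enterprise CA or third-party, is trusted by the machine.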
