You will need to issue new certificates to the DCs with the ldap.company.net in the Subject Alternative Name section. The certificate requirements for DCs are specified in the following KB: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q291010

Though it is about 3rd party CAs, the requirements still apply even if you are using MS CA. The key point is that the certificate cannot be issued to an alias (ldap.company.com) in the Subject field – the alias should be part of the Alternative Name together with DC's GUID.

Guy

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Isenhour, Joseph

We currently provide LDAPS to our customers. Right now the certificates that we load on our DC use the DC name and the clients connect using that name. We'd like to set up a DNS alias like: ldap.company.net. I tried generating a cert named ldap.company.net and loaded it on a DC; however, the clients were unable to connect.

Does anyone know if MS has a restriction that will not allow a cert to be loaded for LDAPS if the name on the cert is not the same as the DC?

Thanks
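
The naming rule from the reply above, written as a check over the dict shape that Python's `ssl.SSLSocket.getpeercert()` returns. This is an added example, not part of the original thread: the host name `dc01.company.net`, the function names and the sample certificates are constructed, and the check that the DC's own DNS name is also in the SAN is an assumption drawn from the referenced KB.

```python
# Added example: audits the names on a DC's LDAPS certificate.
# Input is a dict shaped like ssl.SSLSocket.getpeercert() output.
# The DC GUID entry in the SAN is not checked here (DNS names only).

def _norm(name):
    """DNS names compare case-insensitively; ignore a trailing root dot."""
    return name.rstrip(".").lower()

def cert_names(cert):
    """Return (subject common names, SAN dNSName entries), normalised."""
    cns = [_norm(v) for rdn in cert.get("subject", ())
           for k, v in rdn if k == "commonName"]
    sans = [_norm(v) for k, v in cert.get("subjectAltName", ())
            if k == "DNS"]
    return cns, sans

def audit_dc_cert(cert, dc_fqdn, alias):
    """List the ways a certificate departs from the rule in the reply."""
    dc, alias = _norm(dc_fqdn), _norm(alias)
    cns, sans = cert_names(cert)
    findings = []
    if alias in cns:
        findings.append("subject-is-alias")      # alias must not be the Subject
    if dc not in sans:
        findings.append("san-missing-dc-name")   # assumption taken from the KB
    if alias not in sans:
        findings.append("san-missing-alias")     # clients using the alias fail
    return findings

DC, ALIAS = "dc01.company.net", "ldap.company.net"   # constructed names

# Constructed samples: cert issued to the alias, cert with the DC name only,
# and a cert issued to the DC with the alias added to the SAN.
ALIAS_ONLY = {"subject": ((("commonName", "ldap.company.net"),),)}
DC_ONLY = {"subject": ((("commonName", "dc01.company.net"),),),
           "subjectAltName": (("DNS", "dc01.company.net"),)}
DC_WITH_ALIAS = {"subject": ((("commonName", "dc01.company.net"),),),
                 "subjectAltName": (("DNS", "dc01.company.net"),
                                    ("DNS", "LDAP.Company.Net."))}

if __name__ == "__main__":
    for label, cert in (("alias only", ALIAS_ONLY), ("DC only", DC_ONLY),
                        ("DC + alias", DC_WITH_ALIAS)):
        print(label, audit_dc_cert(cert, DC, ALIAS) or "ok")
```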
Title: LDAPS question
