Skip to main content

HOWTO SSL access to Active Directory

Table of Contents


This howto will show you how to install the Certificate Services in Windows Acive Directory Servers.

Before beginning, make sure the Internet Information Server (IIS) is installed in your server.

Installing the Certificate Services

1. Click Start, select Control Panel and click Add or Remove Programs.

WIN Connector - Installing 1.png

2. In the Add or Remove Programs window, click Add/Remove Windows Components, check the Certificate Services and click Next.

WIN Connector - Installing 2.png

3. Click Next in the CA Type page.

WIN Connector - Installing 3.png

4. Fill up the Common name for this CA and click Next.

WIN Connector - Installing 4.png

5. Click Next in the Certificate Database Settings page.

WIN Connector - Installing 5.png

6. The Certificate Services will now be installed.

WIN Connector - Installing 6.png

7. Click Finish and restart your server.

WIN Connector - Installing 7.png

Configuring Automatic Certificate Request for Domain Controllers

1. Click Start, select Administrative Tools and click Domain Controller Security Policy.

WIN Connector - Configuring 1.png

2. In the Default Domain Controller Security Settings window, click the Public Key Policies folder.

WIN Connector - Configuring 2.png

3. Right click Automatic Certificate Request Settings, select New and click Automatic Certificate Request.

WIN Connector - Configuring 3.png

4. Click Next in the Automatic Certificate Request Setup Wizard

WIN Connector - Configuring 4.png

5. Select Domain Controller in the Certificate Template page and click Next

WIN Connector - Configuring 5.png

6. Click Finish and reboot your server.

WIN Connector - Configuring 6.png

Check for Issued Certificate

1. Click Start, select Administrative Tools and click Certification Authority. This will launch the Certification Authority application.

WIN Connector - Check 1.png

2. In Certification Authority, click the + sign and check the Issued Certificates folder if your server has been issued a certificate.

WIN Connector - Check 2.png

Import certificate

1. Select the certificate and open it. Select the "Certification Path" tab and select the root certificate.

WIN Connector - Import 1.png

2. Click on "View Certificate" button and navigate to "Details" tab.

WIN Connector - Import 2.png

3. Click on "Copy to File..." button and follow the export steps to obtain the certificate.

WIN Connector - Import 3.png

4. Open cmd and go to the soffid-iam-sync instalation directory and execute:

jre\bin\keytool -import -file “file” -keystore conf\cacerts -alias AD_CERT

Afterwards, the console will ask you for a password. Type the default password: changeit and press enter.