HOWTO SSL access to Active Directory
Table of Contents
- Installing the Certificate Services.
- Configuring Automatic Certificate Request for Domain Controllers.
- Check for Issued Certificate.
- Import certificate.
This howto will show you how to install the Certificate Services in Windows Acive Directory Servers.
Before beginning, make sure the Internet Information Server (IIS) is installed in your server.
Installing the Certificate Services
1. Click Start, select Control Panel and click Add or Remove Programs.
2. In the Add or Remove Programs window, click Add/Remove Windows Components, check the Certificate Services and click Next.
3. Click Next in the CA Type page.
4. Fill up the Common name for this CA and click Next.
5. Click Next in the Certificate Database Settings page.
6. The Certificate Services will now be installed.
7. Click Finish and restart your server.
Configuring Automatic Certificate Request for Domain Controllers
1. Click Start, select Administrative Tools and click Domain Controller Security Policy.
2. In the Default Domain Controller Security Settings window, click the Public Key Policies folder.
3. Right click Automatic Certificate Request Settings, select New and click Automatic Certificate Request.
4. Click Next in the Automatic Certificate Request Setup Wizard
5. Select Domain Controller in the Certificate Template page and click Next
6. Click Finish and reboot your server.
Check for Issued Certificate
1. Click Start, select Administrative Tools and click Certification Authority. This will launch the Certification Authority application.
2. In Certification Authority, click the + sign and check the Issued Certificates folder if your server has been issued a certificate.
1. Select the certificate and open it. Select the "Certification Path" tab and select the root certificate.
2. Click on "View Certificate" button and navigate to "Details" tab.
3. Click on "Copy to File..." button and follow the export steps to obtain the certificate.
4. Open cmd and go to the soffid-iam-sync instalation directory and execute:
jre\bin\keytool -import -file “file” -keystore conf\cacerts -alias AD_CERT
Afterwards, the console will ask you for a password. Type the default password: changeit and press enter.