Ldap – How to retrieve the LDAP server certificate for Windows 2008 and 2003 global catalog servers

Tags: active-directory, domain-controller, ldap, windows-server-2003, windows-server-2008

Windows Server 2008 | Windows Server 2003

I want to leverage LDAPS on a linux appliance. The vendor requires the server certificate for my Windows 2008 | Windows 2003 global catalog servers so it can initiate secure calls to TCP/3269 (and perhaps TCP/636). For security purposes, they don't implicitly trust self-signed certs so I need to retrieve it from the server and pre-load the public key on the appliance.

Can someone point me to instructions for how to retrieve these server certs in Windows?

Best Answer

First of all, I highly recommend installing an Enterprise root CA, as alluded to in the comments, because it makes certificate management loads easier. You can even script or configure automatic certificate requests and issuance policies, in addition to having a central source for certificates.

Having said that, the procedure for retrieving a machine certificate is fairly straightforward.

Log onto the machine in question. Open the Microsoft Management Console (mmc.exe). Go to Add/Remove Snap-in..., select Certificates, then Add ->. At the pop-up dialogue, select the Computer account radio button, hit Next >, select the Local Computer radio button (it should be selected by default) and hit Finish.

Click OK, and expand Certificates. The one you're looking for should be under a subfolder of Personal called Certificates, and if multiple are present, it should be the one with the machine name in it, of Template type Computer, assuming a default certificate deployment configuration. See the screenshot below.

[Screenshot: Certmgr.msc, Certificates snap-in showing Personal > Certificates]
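The MMC procedure above can be scripted, which is handy when you have several global catalog servers to do. The following is an added example, not part of the answer above, and it deliberately uses only .NET calls available in PowerShell 2.0 on Windows Server 2003/2008 (the Export-Certificate cmdlet does not exist there). It finds the certificate in LocalMachine\My that is currently valid, has a private key, carries the Server Authentication EKU and names this host, then writes the public certificate (no private key) as DER and PEM and prints the SHA-1 thumbprint for comparison on the appliance side. The output directory and the `dc01.example.com` host name in the usage line are assumptions for illustration.

```powershell
# Added example (not from the original answer). Export the certificate a
# Windows 2003/2008 DC presents on TCP/636 and TCP/3269 so it can be
# pre-loaded on a Linux appliance. PowerShell 2.0 / .NET 2.0 only.

function Get-LdapsServerCertificate {
    # Return candidate server-auth certs for this host from LocalMachine\My,
    # newest expiry first. -HostName defaults to this machine's FQDN.
    param([string]$HostName = [System.Net.Dns]::GetHostEntry('').HostName)

    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # id-kp-serverAuth
    $sanOid        = '2.5.29.17'           # subjectAltName
    $now           = Get-Date
    $hostPattern   = [regex]::Escape($HostName)

    Get-ChildItem Cert:\LocalMachine\My | Where-Object {
        $c = $_   # capture before nested pipelines rebind $_

        # EKU must include Server Authentication; a cert without it is not
        # offered by Schannel for LDAPS.
        $eku = $c.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        $hasServerAuth = $eku -and ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $serverAuthOid })

        # Host name must appear in the Subject CN or in the SAN extension.
        $san = $c.Extensions | Where-Object { $_.Oid.Value -eq $sanOid } |
               ForEach-Object { $_.Format($false) }
        $nameMatches = ($c.Subject -match $hostPattern) -or ($san -and ($san -match $hostPattern))

        $c.HasPrivateKey -and
        $c.NotBefore -le $now -and $c.NotAfter -gt $now -and
        $hasServerAuth -and $nameMatches
    } | Sort-Object NotAfter -Descending
}

function Export-PublicCertificate {
    # Write the public certificate only (X509ContentType::Cert never includes
    # the private key) as DER (.cer) and PEM (.pem) with LF line endings,
    # which is what a Linux appliance normally expects.
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [Parameter(Mandatory = $true)]
        [string]$BasePath   # path without extension
    )
    $der = $Cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
    [System.IO.File]::WriteAllBytes("$BasePath.cer", $der)

    $b64 = [Convert]::ToBase64String($der, [System.Base64FormattingOptions]::InsertLineBreaks)
    $b64 = $b64 -replace "`r`n", "`n"
    $pem = "-----BEGIN CERTIFICATE-----`n$b64`n-----END CERTIFICATE-----`n"
    [System.IO.File]::WriteAllText("$BasePath.pem", $pem, [System.Text.Encoding]::ASCII)
}

# --- usage (run on the global catalog server itself) ---
$OutDir = 'C:\Temp\ldaps-certs'            # assumed output directory
if (-not (Test-Path $OutDir)) { New-Item -ItemType Directory -Path $OutDir | Out-Null }

$certs = @(Get-LdapsServerCertificate)
if ($certs.Count -eq 0) {
    throw 'No valid Server Authentication certificate for this host in LocalMachine\My.'
}
if ($certs.Count -gt 1) {
    Write-Warning ("Multiple candidates found; exporting the one with the latest expiry. " +
                   "Thumbprints: " + (($certs | ForEach-Object { $_.Thumbprint }) -join ', '))
}
$cert = $certs[0]
Export-PublicCertificate -Cert $cert -BasePath (Join-Path $OutDir $cert.Thumbprint)

"Subject        : $($cert.Subject)"
"Issuer         : $($cert.Issuer)"
"Valid until    : $($cert.NotAfter)"
"SHA-1 thumbprint: $($cert.Thumbprint)"
"Exported to    : $OutDir\$($cert.Thumbprint).{cer,pem}"
```

Two checks are worth doing before trusting the export. First, confirm from the appliance side that the DC actually serves this certificate on the port you care about, since Schannel picks the certificate at connection time and the store can hold more than one candidate: `openssl s_client -connect dc01.example.com:3269 -showcerts </dev/null 2>/dev/null | openssl x509 -noout -fingerprint -sha1` should print the same SHA-1 thumbprint the script reported. Second, decide what you are pinning: if the DC certificate was issued by an enterprise CA (the route the answer recommends), load the CA's certificate on the appliance instead of the leaf, because an auto-enrolled machine certificate is renewed periodically and a pinned leaf will break LDAPS the day it rolls over.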