I’ve been looking to implement LDAP to use SSL for domain controllers only right now. So it seems the way to do it is an Enterprise root CA setup in my server 2003 AD forest.
I’ve been searching online for a few articles and have a few questions.
1. The majority of the articles suggest using the “Enterprise edition” of Windows Server 2003, yet Standard can offer certificate services as well? I’m not sure what the difference is.
2. Does the enterprise root CA have to be on a domain controller? Can I install it on any domain controller, or will there be issues? (root forest DC vs child domain DC)
3. Assuming I set up the enterprise root CA and IIS and create the cert, then I’ll just set the default domain controller policy to auto-enroll. To test, I can use the ldp tool to connect over 636 (SSL) to test the connection. Once that is all verified, it’s safe to say that LDAP between domain controllers communicates over SSL. Now, if I do not auto-enroll clients (computers and users) to use SSL, will they not be able to log in? Initially, I just want to roll out this setup for domain controllers only and not to clients.
If anyone has any great articles on this, I’ll be grateful.
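The verification step in point 3 (connecting to a domain controller on TCP 636 with ldp) can also be scripted so it can be repeated against every DC after auto-enrollment. The following is an added example, not code from the post or from any Microsoft tool: it opens a TLS session to port 636, verifies the server certificate chain and hostname (optionally against an exported copy of the enterprise root CA certificate), sends an anonymous LDAP simple bind and decodes the resultCode from the BindResponse. The host name `dc1.corp.example` and the CA file path are placeholders; the BER encoder and decoder cover only what a bind needs.

```python
"""LDAPS reachability and certificate check (added example, not from the forum post)."""
import socket
import ssl
import sys
from typing import Optional


def ber_len(n: int) -> bytes:
    """BER length octets: short form up to 127, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber_tlv(tag: int, value: bytes) -> bytes:
    """Tag-length-value triple with a single-octet tag."""
    return bytes([tag]) + ber_len(len(value)) + value


def build_bind_request(message_id: int = 1, dn: str = "", password: str = "") -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple password } }.
    An empty DN and password is an anonymous bind, enough to prove the LDAPS listener works."""
    bind = (
        ber_tlv(0x02, bytes([3]))            # INTEGER version 3
        + ber_tlv(0x04, dn.encode())         # OCTET STRING name
        + ber_tlv(0x80, password.encode())   # [0] simple authentication
    )
    return ber_tlv(0x30, ber_tlv(0x02, bytes([message_id])) + ber_tlv(0x60, bind))


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the TLV starting at buf[pos]."""
    tag = buf[pos]
    first = buf[pos + 1]
    pos += 2
    if first & 0x80:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def parse_bind_response(data: bytes) -> int:
    """Extract resultCode from LDAPMessage { messageID, BindResponse { resultCode, ... } }."""
    tag, msg, _ = _read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, _msg_id, pos = _read_tlv(msg, 0)          # messageID, not needed here
    tag, bind_resp, _ = _read_tlv(msg, pos)
    if tag != 0x61:
        raise ValueError("expected BindResponse (APPLICATION 1)")
    tag, code, _ = _read_tlv(bind_resp, 0)       # ENUMERATED resultCode comes first
    if tag != 0x0A:
        raise ValueError("expected ENUMERATED resultCode")
    return int.from_bytes(code, "big")


# Constructed sample responses (not captured from a real DC): resultCode success (0)
# and invalidCredentials (49), each with empty matchedDN and diagnosticMessage.
SAMPLE_BIND_OK = bytes.fromhex("300c02010161070a010004000400")
SAMPLE_BIND_INVALID_CREDS = bytes.fromhex("300c02010161070a013104000400")


def check_ldaps(host: str, port: int = 636, ca_file: Optional[str] = None,
                timeout: float = 5.0) -> dict:
    """Connect over TLS, verify chain + hostname, do an anonymous bind, report what was seen.
    ca_file: PEM export of the enterprise root CA cert; None uses the OS trust store."""
    ctx = ssl.create_default_context(cafile=ca_file)   # verify_mode=CERT_REQUIRED, check_hostname=True
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            tls.sendall(build_bind_request())
            result_code = parse_bind_response(tls.recv(4096))
            return {
                "tls_version": tls.version(),
                "subject": dict(rdn[0] for rdn in cert["subject"]),
                "san": [v for _, v in cert.get("subjectAltName", ())],
                "not_after": cert["notAfter"],
                "bind_result_code": result_code,   # 0 = success
            }


if __name__ == "__main__":
    # Usage: python ldaps_check.py dc1.corp.example [enterprise-root-ca.pem]
    dc = sys.argv[1] if len(sys.argv) > 1 else "dc1.corp.example"   # placeholder host
    ca = sys.argv[2] if len(sys.argv) > 2 else None
    print(check_ldaps(dc, ca_file=ca))
```

If the handshake fails with a certificate verification error, the DC either has not enrolled a certificate yet or the root CA is not trusted by the machine running the check; passing the exported root CA as `ca_file` separates those two cases. A hostname mismatch means the certificate's subject or SAN does not carry the DC's FQDN that clients resolve.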