Access to a Microsoft LDAP server with TLS encryption
To establish a connection to Active Directory via LDAPS or STARTTLS, the certificate of the LDAP server's certification authority is required. We export it and add it to the certificate store of the i-doit server so that encrypted communication can be established.
First, log in to the LDAP server, which usually also hosts the certification authority. Then open the corresponding MMC snap-in, or go to Server Manager -> Certification Authority.
Open the properties of the certification authority.
Display the certificate (1), select Details (2) and then copy it to a file (3).
Leave the DER format selected.
Select a file name and directory.
Copy the certificate to the i-doit system (in the example under /tmp/). Then install openssl and convert the certificate into the PEM format.
Now update the certificate store and restart Apache.
The output file must have the file extension .crt, otherwise the update-ca-certificates command will ignore it. If everything was transferred correctly, the certificate is visible under /etc/ssl/certs/.
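The conversion and installation steps above, as an added shell example that is not part of the i-doit documentation. It assumes a Debian/Ubuntu-style CA store (update-ca-certificates reads only `*.crt` files from `/usr/local/share/ca-certificates`), an Apache service named `apache2`, and hypothetical file names and hostname; the `.crt` extension check enforces the rule stated in the text before anything touches the system store.

```shell
#!/bin/sh
# Added example, not part of the i-doit documentation.
# Assumptions: Debian/Ubuntu CA store (update-ca-certificates picks up
# /usr/local/share/ca-certificates/*.crt), Apache runs as the apache2 service,
# and all file names and the hostname below are hypothetical.
set -u

CA_STORE_DIR=/usr/local/share/ca-certificates

# Convert a DER-encoded export to PEM. Refuses any output name that does not
# end in .crt, because update-ca-certificates silently ignores other extensions.
# Uses openssl when installed; otherwise wraps the base64 of the DER bytes in
# PEM armor, which is the same encoding (RFC 7468) minus openssl's parsing check.
der_to_pem() {
    in_der=$1
    out_pem=$2
    case "$out_pem" in
        *.crt) ;;
        *) echo "der_to_pem: output must end in .crt (got $out_pem)" >&2; return 1 ;;
    esac
    if command -v openssl >/dev/null 2>&1; then
        openssl x509 -inform der -in "$in_der" -out "$out_pem"
    else
        {
            echo '-----BEGIN CERTIFICATE-----'
            base64 "$in_der" | tr -d '\n' | fold -w 64
            echo
            echo '-----END CERTIFICATE-----'
        } > "$out_pem"
    fi
}

# Cheap sanity check before touching the system store: first and last lines
# must be the PEM armor lines.
pem_looks_valid() {
    head -n 1 "$1" | grep -q '^-----BEGIN CERTIFICATE-----$' &&
    tail -n 1 "$1" | grep -q '^-----END CERTIFICATE-----$'
}

# Place the PEM file into the system store, rebuild /etc/ssl/certs, then
# restart Apache so PHP's LDAP client picks up the new trust anchor. Needs root.
install_ca_cert() {
    pem=$1
    pem_looks_valid "$pem" || { echo "install_ca_cert: $pem is not PEM" >&2; return 1; }
    install -m 0644 "$pem" "$CA_STORE_DIR/$(basename "$pem")"
    update-ca-certificates
    systemctl restart apache2
}

# Validate the chain against the live LDAPS port (636) using the rebuilt store.
# "Verify return code: 0 (ok)" means the CA certificate was installed correctly
# and matches what the domain controller presents.
verify_ldaps() {
    host=$1
    openssl s_client -connect "$host:636" -servername "$host" \
        -CApath /etc/ssl/certs </dev/null 2>/dev/null | grep 'Verify return code'
}

# Usage: ./ldap-ca.sh /tmp/ldap-ca.der /tmp/ldap-ca.crt [dc01.example.test]
if [ $# -ge 2 ]; then
    der_to_pem "$1" "$2" && install_ca_cert "$2"
    [ $# -ge 3 ] && verify_ldaps "$3"
fi
```

Exporting the certification authority's certificate, as the steps above do, rather than the domain controller's own server certificate means the trust anchor stays valid when the DC's certificate is renewed; only the CA certificate needs to be present in `/etc/ssl/certs/`. For STARTTLS on port 389 the same check can be run with `openssl s_client -starttls ldap -connect host:389` (OpenSSL 1.1.1 or newer). A hostname mismatch between the DC's certificate and the server name configured in i-doit will still fail verification even with the CA installed, so use the DC's FQDN in the LDAP configuration.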