Self-Signed certs for LDAPS
- 
 So I'll start off by acknowledging that self-signed certs are less than ideal for most purposes. Right now my goal is to get rid of plain-text LDAP on the network and want to make sure that I'm not trading one security hole for another. I've found a couple of sets of instructions online and figured I'd run the idea past the assembled brain-power before going too far down the rabbit hole.

 https://anandthearchitect.com/2019/10/10/active-directory-self-signed-certificate-for-ldaps/

 https://www.javaxt.com/wiki/Tutorials/Windows/How_to_Enable_LDAPS_in_Active_Directory

 Open to other suggestions to move from LDAP to LDAPS, but I'm in an environment that has too much legacy stuff to scrap it and/or AD so that whole possible course of action is the non-starter to end all non-starters.
- 
 @notverypunny said in Self-Signed certs for LDAPS:

 > So I'll start off by acknowledging that self-signed certs are less than ideal for most purposes. Right now my goal is to get rid of plain-text LDAP on the network and want to make sure that I'm not trading one security hole for another. I've found a couple of sets of instructions online and figured I'd run the idea past the assembled brain-power before going too far down the rabbit hole.
 >
 > https://anandthearchitect.com/2019/10/10/active-directory-self-signed-certificate-for-ldaps/
 >
 > https://www.javaxt.com/wiki/Tutorials/Windows/How_to_Enable_LDAPS_in_Active_Directory
 >
 > Open to other suggestions to move from LDAP to LDAPS, but I'm in an environment that has too much legacy stuff to scrap it and/or AD so that whole possible course of action is the non-starter to end all non-starters.

 In an on-prem only AD environment, no problem using self-signed.

