
    Self-Signed certs for LDAPS

      notverypunny

      So I'll start off by acknowledging that self-signed certs are less than ideal for most purposes.

      Right now my goal is to get rid of plain-text LDAP on the network and want to make sure that I'm not trading one security hole for another.

      I've found a couple of sets of instructions online and figured I'd run the idea past the assembled brain-power before going too far down the rabbit hole.

      https://anandthearchitect.com/2019/10/10/active-directory-self-signed-certificate-for-ldaps/

      https://social.technet.microsoft.com/Forums/en-US/667ec29d-d83a-49b4-9280-308964359154/best-way-to-enable-ldaps-self-signed-certificate?forum=winserversecurity

      https://www.javaxt.com/wiki/Tutorials/Windows/How_to_Enable_LDAPS_in_Active_Directory

      Open to other suggestions to move from LDAP to LDAPS, but I'm in an environment that has too much legacy stuff to scrap it and / or AD so that whole possible course of action is the non-starter to end all non-starters.

        Obsolesce @notverypunny


        In an on-prem only AD environment, no problem using self-signed.
