NSD1064 How to create a Self Signed Certificate for Active Directory Domain Controllers

Fact

Nordic Edge Identity Manager

Situation

To handle passwords (change, reset) over LDAP against Active Directory, the domain controller that
you communicate with must have a certificate. If you can't afford to buy one and have no PKI
infrastructure, you can create one yourself.

Solution

  • Download the IIS 6.0 Resource Kit from http://support.microsoft.com/kb/840671

  • Install only the SelfSSL.exe part of the resource kit.

  • Open the C:\Program Files\IIS Resources\SelfSSL folder and run selfssl.exe without arguments to list the switches the application accepts

If you want to create a domain controller certificate valid for 1 year with key length 1024 for a domain controller named TESTDC1 in an Active Directory domain called TESTAD.Local, then type:

  • selfssl.exe /N:CN=TESTDC1.TESTAD.Local /K:1024 /V:365

  • Start MMC.exe and add the Certificates Snap-in 

  • Pick the Computer account store 

  • Verify under Certificates > Personal that the certificate you created exists. If you created the certificate on a machine that is not a domain controller, you need to export the certificate and then import it on the domain controller.

  • Drag a copy of the certificate from the Personal store to the Trusted Root Certification Authorities – Certificates store.
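The script below is an added example, not part of the Nordic Edge article and not a Nordic Edge tool. It checks that the certificate created with SelfSSL.exe meets what a domain controller needs before it will serve LDAPS (subject CN equal to the DC FQDN, a private key present, currently valid, Server Authentication in the Enhanced Key Usage), copies it into Trusted Root Certification Authorities (the "drag a copy" step above), and then opens a TLS connection to port 636 to confirm that the DC actually presents that certificate. It assumes the article's example name TESTDC1.TESTAD.Local, that the certificate is already in the Computer account's Personal store, and that it is run in an elevated Windows PowerShell session on the domain controller. The key-length check uses 2048 bits as the baseline, so the article's /K:1024 example will be reported as a FAIL on that line; that is intentional, since 1024-bit RSA keys are no longer considered adequate.

```powershell
# Added example (not from the Nordic Edge article). Verifies a SelfSSL-created
# domain controller certificate for LDAPS use, trusts it, and tests port 636.
# Assumed names: TESTDC1.TESTAD.Local (the article's example DC).

$DcFqdn     = 'TESTDC1.TESTAD.Local'
$MinKeyBits = 2048   # current baseline; the article's /K:1024 is below this

# 1. Locate the certificate in Computer account -> Personal (Cert:\LocalMachine\My).
$cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -eq "CN=$DcFqdn" } |
        Sort-Object NotAfter -Descending |
        Select-Object -First 1
if (-not $cert) { throw "No certificate with subject CN=$DcFqdn found in LocalMachine\My" }

# 2. Checks a DC certificate must pass before LDAP over SSL will work.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # id-kp-serverAuth
$ekuExt = $cert.Extensions |
          Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
$hasServerAuth = $false
if ($ekuExt) {
    $hasServerAuth = [bool]($ekuExt.EnhancedKeyUsages | Where-Object { $_.Value -eq $serverAuthOid })
}
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
$keyBits = if ($rsa) { $rsa.KeySize } else { 0 }
$now = Get-Date

$checks = [ordered]@{
    'Subject CN matches DC FQDN'         = ($cert.Subject -eq "CN=$DcFqdn")
    'Private key present'                = $cert.HasPrivateKey   # missing if exported without the key
    'Currently valid'                    = ($cert.NotBefore -le $now -and $cert.NotAfter -gt $now)
    "RSA key length >= $MinKeyBits bits" = ($keyBits -ge $MinKeyBits)
    'EKU includes Server Authentication' = $hasServerAuth
}
foreach ($entry in $checks.GetEnumerator()) {
    '{0,-38} {1}' -f $entry.Key, $(if ($entry.Value) { 'OK' } else { 'FAIL' })
}

# 3. Put a copy in Trusted Root Certification Authorities (equivalent of dragging it in MMC).
$root = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root', 'LocalMachine')
$root.Open('ReadWrite')
if (-not $root.Certificates.Contains($cert)) { $root.Add($cert) }
$root.Close()

# 4. Handshake on the LDAPS port and compare the presented certificate by thumbprint.
#    The callback accepts any certificate so that the comparison below is what decides.
$acceptAll = { param($sender, $c, $chain, $errors) $true } -as [System.Net.Security.RemoteCertificateValidationCallback]
$client = New-Object System.Net.Sockets.TcpClient($DcFqdn, 636)
$ssl    = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
try {
    $ssl.AuthenticateAsClient($DcFqdn)
    $presented = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    if ($presented.Thumbprint -eq $cert.Thumbprint) {
        "LDAPS on ${DcFqdn}:636 presents the expected certificate ($($cert.Thumbprint))"
    } else {
        "LDAPS presents $($presented.Thumbprint), expected $($cert.Thumbprint); the DC may not have " +
        "picked up the new certificate yet (older Windows versions need a restart)"
    }
} finally {
    $ssl.Dispose()
    $client.Dispose()
}
```

Run it once after the MMC steps; a FAIL on "Private key present" means the certificate was exported from the other machine without its private key, and a FAIL on the EKU line means the DC will never select the certificate for LDAPS regardless of the trust-store step.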

Disclaimer

The origin of this information may be internal or external to Nordic Edge™. Nordic Edge™ makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Nordic Edge™ makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners.
Nordic Edge Support – www.nordicedge.se
