Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Setting up Secure Communications between Servers on Port 636

Status
Not open for further replies.

surfangel

Technical User
Feb 10, 2005
19
GB
Hi all

I need to setup SSL secure comunications between a Windows Management Server in our Standard Subnet and a windows server in a DMZ.

Only Port 636 is enabled between these two servers. I am basically running an LDAP lookup within a VBscript from the Management server to a Secure Domain controller in the DMZ.

How do I go about setting up a Secure Certificate between these two servers. Do I need to use IIS or some other method?

Sorry if this seems to be a dumb question but I do not have much experience in this area.

Cheers
 
Do you have a CA? You'll need that first.

Basically, all you need to do is set up a CA, enroll the DCs for domain controller certs (will autoenroll by default if using an enterprise CA with default policy settings)
install the certs
configure the LDAP signing security option to secure only

that should do the trick

From what I recall, if a DC has a cert and knows it can use 636, it will always use it. That does not mean a client binding to AD will use 636 however (if you set the policy, it should though).

I'm a bit tired, so may be scratching at my head a bit right now.

A VBScript call for the ADSDSOObject will behave differently than native Windows though.

If all you are doing is VBScript, then all you need is the certificate on the DC you will be connecting to, then change your LDAP query to reflect the servername and the port (LDAP://server.domain.com:636/OU=whatever,DC=domain,DC=com)


-Brandon Wilson
MCSE:Security00/03
MCSA:Messaging00
MCSA:Security03
A+

 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top