Applies to Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2
Note Only LDAP data transfers are exposed. Other authentication or authorization data using Kerberos, SASL, and even NTLM have their own encryption systems. Since Windows 2000 SP4, the Microsoft Management Console (MMC) snap-ins have used LDAP sign and seal or Simple Authentication and Security Layer (SASL), and replication between domain controllers is encrypted using Kerberos.
Warning Before you install a certification authority (CA), you should be aware that you are creating or extending a public key infrastructure (PKI). Be sure to design a PKI that is appropriate for your organization. See PKI Design Brief Overview for additional information.
To request a certificate from your LDAPS server, do the following on each domain controller that requires LDAPS connections:
However, if there is a legitimate reason for two or more certificates and the customer is using at least Windows Server 2008 LDAP servers, the Active Directory Domain Services (NTDS\Personal) certificate store can be used for LDAPS communications.
Important There are several significant details to know before you implement the use of the Active Directory Domain Services certificate store.
In Add or Remove Snap-ins, click OK.