Best way to enable LDAPS / Self Signed Cert


I'm looking for the best secure way to enable LDAPS support in Active Directory / on DMZ servers. I did some legwork, but I would like to run this by you guys.

I don't have a CA available, and the domain is .local, so I can't purchase a signed cert. (At this point, migration to a TLD is not an option.)

I found a tutorial showing that I can create a self-signed certificate with makecert. Are there any issues with doing that?

Tutorial

Run - makecert -a sha1 -eku 1.3.6.1.5.5.7.3.1 -sky exchange -sr localmachine -ss MY -pe -r -n "CN=DCNAME2" -len -m 12 LDAP.cer

From MMC - Certificates, go to the Personal store and export the created certificate with its key.

Then import the PFX file that was created in the previous step under Local Computer - Trusted Root Certificates.

Does this make sense? What are the security implications, and is there any better way of doing it?

Thanks










migrated from security.stackexchange.com 2 mins ago


This question came from our site for information security professionals.























asked Mar 11 at 0:38 by user45317
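An added example, not part of the question or of the tutorial it refers to: a PowerShell check of what the three tutorial steps leave in the machine certificate stores, so the result can be reviewed before LDAPS clients depend on it. The function name `Test-LdapsCertCandidate`, the finding strings and the `DCNAME2.example.local` name are assumptions made for this sketch; the EKU OID and the store names are the ones in the question.

```powershell
# Added example, not from the question or its tutorial; names are hypothetical.
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'    # the -eku value on the makecert line

function Test-LdapsCertCandidate {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        # Name LDAPS clients will connect to; assumed to be the DC's FQDN.
        [Parameter(Mandatory = $true)][string]$ExpectedName
    )
    process {
        $findings = @()
        # Collect the EKU OIDs straight from the certificate extensions.
        $ekuOids = @($Cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value })
        if ($ekuOids -notcontains $ServerAuthOid) { $findings += 'no Server Authentication EKU' }
        if (-not $Cert.HasPrivateKey)            { $findings += 'no private key in this store' }
        if ($Cert.SignatureAlgorithm.FriendlyName -match 'sha1|md5') {
            $findings += "weak signature hash ($($Cert.SignatureAlgorithm.FriendlyName))"
        }
        if ($Cert.Subject -eq $Cert.Issuer)      { $findings += 'self-signed' }
        if ($Cert.NotAfter -lt (Get-Date).AddDays(30)) { $findings += "expires $($Cert.NotAfter)" }
        # CN plus the first SAN DNS entry only; further SAN entries are not read here.
        $names = 'SimpleName', 'DnsName' | ForEach-Object { $Cert.GetNameInfo($_, $false) }
        if ($names -notcontains $ExpectedName)   { $findings += "name is not $ExpectedName" }
        [pscustomobject]@{
            Subject    = $Cert.Subject
            Thumbprint = $Cert.Thumbprint
            Findings   = $findings -join '; '
        }
    }
}

# Placeholder FQDN: the question only gives CN=DCNAME2.
$fqdn = 'DCNAME2.example.local'
Get-ChildItem Cert:\LocalMachine\My | Test-LdapsCertCandidate -ExpectedName $fqdn

# Step 3 imports a PFX (certificate plus key) into Trusted Root;
# list root-store entries that carry a private key.
Get-ChildItem Cert:\LocalMachine\Root | Where-Object { $_.HasPrivateKey } |
    Select-Object Subject, Thumbprint
```

Run it from an elevated prompt on the domain controller; an empty `Findings` column means none of the listed conditions were hit for that certificate.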










