Differences
This shows the differences between two versions of the page.
java:dalp:ad:enable_certificate [2016/04/08 16:56] tony created |
java:dalp:ad:enable_certificate [2023/06/25 09:48] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | {{tag>ldap ad windows ssl tls certificate}} | ||
- | ====== Enable SSL/TLS on Windows AD ====== | ||
- | ===== Setup ===== | ||
- | Before Active Directory Certificate Services is configured, the LDAPS port is already enabled, but it cannot be used: | ||
- | <code bash> | ||
- | netstat -na | findstr ":636" | ||
- | </code> | ||
- | The AD server I used for testing was installed on Windows 2012, which is not the system used in Reference 1, but following its tutorial more or less as written sets it up successfully. | ||
- | ==== Install AD Certificate Service ==== | ||
- | After opening the Add Roles and Fetures Wizard, select Active Directory Certificate Service, then keep clicking Next until the installation completes.\\ | ||
- | {{:java:dalp:ad:enable_ad_certificate_service.png|}}\\ | ||
- | ==== Config AD Certificate Service ==== | ||
- | In Server Manager, select AD CS, then select your server; the following screen appears:\\ | ||
- | {{:java:dalp:ad:start_config_ad_certificate_service.png|}}\\ | ||
- | \\ | ||
- | Then click Action and the configuration screen appears:\\ | ||
- | {{:java:dalp:ad:config_ad_certificate_service.png|}}\\ | ||
- | \\ | ||
- | Apart from choosing the key's cryptographic settings, just keep clicking Next to finish. Once the installation completes, reboot the machine. | ||
- | ===== Export Certificate ===== | ||
- | Any client that accesses the AD server over SSL/TLS will run into certificate validation problems, so you must export the server certificate; the following command exports it as client.crt: | ||
- | <code bash> | ||
- | certutil -ca.cert client.crt | ||
- | </code> | ||
- | ===== Test connection with LdapAdmin ===== | ||
- | {{:java:dalp:ad:test_ad_ssl_connection.png|}} | ||
- | ===== Reference ===== | ||
- | * [[https://confluence.atlassian.com/display/CROWD/Configuring+an+SSL+Certificate+for+Microsoft+Active+Directory|Config certificate for Microsoft Active Directory]] | ||
- | ===== ===== | ||
- | ---- | ||
- | \\ | ||
- | ~~DISQUS~~ |
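Review bot: the Export Certificate section describes the wrong artifact: `certutil -ca.cert client.crt` writes the CA certificate, not the server certificate the paragraph says it exports. That is actually what the client needs (the issuing CA goes into the client's trust store so it can validate the certificate the domain controller presents on port 636), so the fix is to say so and to name the file `ca.crt` rather than `client.crt`, and to add the missing step of importing it into the client's trust store (for a Java client in this namespace, `keytool -importcert` into the truststore). The Setup section would also read better with one sentence on why port 636 is listening yet unusable before AD CS is configured: the domain controller has no certificate to present until the enterprise CA issues it one, which is what happens after the reboot the text calls for. Finally, the LdapAdmin test only proves the port accepts a connection; a stronger check is to confirm the client validates the chain and that the name in the certificate matches the FQDN the client connects to, since a hostname mismatch fails in exactly the way the "certificate validation problems" sentence warns about.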