In this guide we will be trying to use LDAP which is an access protocol to connect to the domain controller over SSL with a third-party CA such as DigiCert using LDP. With LDP, you can perform operations such as connect, bind, search, modify, add, delete against any Lightweight Directory Access Protocol (LDAP)-compatible directory, such as Active Directory Domain Services (AD DS). LDP is an LDAP tool that you use to view objects that are stored in AD DS along with their metadata, such as security descriptors and replication metadata. You can read more related guides like: How to Import your SSL Certificate to Your Windows Server using DigiCert Utility, Generate a self-signed SSL certificate: How to enable LDAP over SSL with a self-signed certificate, and Cannot open connection via the ldp.exe tool: How to fix LDAP connection error 81.
Before you start anything, I will advise you create your Certificate Signing Request (CSR) by reading this guide How to use the DigiCert Certificate Utility for Windows to create a CSR.
You will also need to have a valid SSL certificate but you can request a trial SSL certificate by reading this guide How to generate your trial SSL certificate for private IP using DigiCert PKI Platform.
After you have completed the above task then you can launch the command prompt and enter ldp. if the ldp client is not showing you can read this guide Generate a self-signed SSL certificate: How to enable LDAP over SSL with a self-signed certificate it contains what to do to be able to launch the Ldp.
Enter the Domain Controller ip and port 636 and select SSL
– Click on OK
By the time you click on OK the below image will be displayed mandating you to enter the PIN that you created while requesting for your SSL Certificate via DigiCert.
After you enter the correct PIN you will be able to access the PKI Manager and also be able to connect successfully to the domain controller through SSL using LDAP protocol and Ldp tool.
Connection successful to domain controller.
I hope you found this blog post on how to Enable LDAP over SSL with a Third-party Certification Authority such as DigiCert very interesting and helpful. In case you have any questions do not hesitate to ask in the comment section.