
How to enable LDAP over SSL with a third-party Certificate such as DigiCert


In this guide we will use LDAP, the access protocol for directory services, to connect to a domain controller over SSL with a certificate issued by a third-party CA such as DigiCert, using the LDP tool. With LDP, you can perform operations such as connect, bind, search, modify, add and delete against any Lightweight Directory Access Protocol (LDAP)-compatible directory, such as Active Directory Domain Services (AD DS). LDP is an LDAP client that you use to view objects stored in AD DS along with their metadata, such as security descriptors and replication metadata. You can read more related guides like: How to Import your SSL Certificate to Your Windows Server using DigiCert Utility, Generate a self-signed SSL certificate: How to enable LDAP over SSL with a self-signed certificate, and Cannot open connection via the ldp.exe tool: How to fix LDAP connection error 81.

Before you start, I advise you to create your Certificate Signing Request (CSR) by reading this guide: How to use the DigiCert Certificate Utility for Windows to create a CSR.

You will also need a valid SSL certificate; you can request a trial SSL certificate by reading this guide: How to generate your trial SSL certificate for private IP using DigiCert PKI Platform.

After you have completed the tasks above, launch the command prompt and enter ldp. If the Ldp client does not appear, read this guide, Generate a self-signed SSL certificate: How to enable LDAP over SSL with a self-signed certificate, which explains what to do to be able to launch Ldp.

Command Prompt

Enter the Domain Controller IP address and port 636 and select SSL
– Click on OK

Ldp Client

When you click OK, the dialog shown below is displayed, requiring you to enter the PIN that you created when requesting your SSL certificate from DigiCert.

DigiCert PKI PIN

After you enter the correct PIN you will be able to access the PKI Manager and connect successfully to the domain controller over SSL using the LDAP protocol and the Ldp tool.

DigiCert PKI Manager

Connection to the domain controller successful.

Connection Successful
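Once Ldp connects, it is worth confirming from a script what certificate the domain controller actually presents on port 636: that it chains to the third-party CA, that the name or IP you typed into the Connect dialog appears on it, and how long it has left before it expires. The following Python check is an added example, not part of the original post or of DigiCert's tooling; the host names, IP address and issuer in SAMPLE_CERT are constructed placeholders.

```python
import socket
import ssl

# Constructed example of the dict ssl.SSLSocket.getpeercert() returns for a DC certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "dc01.corp.example.com"),),),
    "issuer": ((("countryName", "US"),), (("organizationName", "DigiCert Inc"),),
               (("commonName", "DigiCert Example Issuing CA"),)),
    "subjectAltName": (("DNS", "dc01.corp.example.com"), ("DNS", "corp.example.com"),
                       ("IP Address", "10.0.0.5")),
    "notAfter": "Jan  9 23:59:59 2027 GMT",
}

def cert_names(cert):
    """DNS names and IP addresses the certificate covers (SAN first, CN as fallback)."""
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind in ("DNS", "IP Address")]
    if not names:
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return names

def _matches(pattern, target):
    pattern, target = pattern.lower(), target.lower()
    if pattern.startswith("*."):  # a wildcard covers exactly one label, never the apex
        return target.count(".") == pattern.count(".") and target.endswith(pattern[1:])
    return pattern == target

def cert_matches_target(cert, target):
    """True if the name or IP typed into Ldp's Connect dialog appears on the certificate."""
    return any(_matches(name, target) for name in cert_names(cert))

def issued_by(cert, org_substring):
    """True if the issuer's organizationName contains org_substring (e.g. 'DigiCert')."""
    return any(k == "organizationName" and org_substring.lower() in v.lower()
               for rdn in cert.get("issuer", ()) for k, v in rdn)

def days_until_expiry(cert, now_ts):
    """Whole days between now_ts (epoch seconds, UTC) and the certificate's notAfter."""
    return int((ssl.cert_time_to_seconds(cert["notAfter"]) - now_ts) // 86400)

def ldaps_certificate(host, port=636, cafile=None, timeout=5):
    """TLS handshake with the DC on 636; the chain must validate against cafile or the
    system trust store (DigiCert roots are normally present), else an SSLError is raised."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False  # name match is reported by cert_matches_target instead
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

if __name__ == "__main__":  # usage: python ldaps_check.py <dc-ip-or-fqdn>
    import sys, time
    target = sys.argv[1] if len(sys.argv) > 1 else "10.0.0.5"
    cert = ldaps_certificate(target) if len(sys.argv) > 1 else SAMPLE_CERT
    print({"names": cert_names(cert), "matches": cert_matches_target(cert, target),
           "digicert": issued_by(cert, "DigiCert"),
           "days_left": days_until_expiry(cert, time.time())})
```

A failed handshake here (chain or trust error) is the same condition that makes Ldp report that it cannot open the connection, so run this first when troubleshooting.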

I hope you found this blog post on how to enable LDAP over SSL with a third-party Certification Authority such as DigiCert interesting and helpful. If you have any questions, do not hesitate to ask in the comment section.
