
Securing LDAP using SSL

This user guide applies to both Nodinite LDAP products, the BizTalk LDAP Adapter and the LDAP Web API, and describes how to secure the communication between the Nodinite LDAP products and your LDAP catalog service with LDAP over SSL (LDAPS).

This guide is a shorthand version of the Microsoft TechNet article LDAP over SSL (LDAPS) Certificate.

In essence:

  1. Create a new self-signed certificate, or install an existing certificate, on the Active Directory Domain Controller (on one or more Domain Controllers, depending on which servers the clients target)

    • This cert must have the Server Authentication extended key usage (EKU) set
    • It must be installed in the Active Directory Domain Services service account's Personal certificate store (NTDS\Personal)
    • You may need to restart the NTDS service or reboot the server
  2. Install the cert on the server with the BizTalk LDAP Adapter and/or the LDAP Web API

    • This cert must be installed in the Trusted Root Certification Authorities store for the local machine
      • Intermediate certificates are allowed; review the following article for more information about the concept itself. In this case the root cert is installed in Trusted Root Certification Authorities and the intermediate cert in Intermediate Certification Authorities
    • Make sure the Server Authentication extended key usage still exists on the imported and now installed cert
    • A reboot may be required

You should use certificates to secure the communication. Make sure to replace them as they grow old and obsolete.
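The steps above carried through in PowerShell, as an added example that is not part of the Nodinite guide or its products. The Domain Controller name `dc01.example.local`, the `C:\temp` file paths and the lab-only PFX password are constructed placeholders; the `certutil -service -importPFX` invocation for the NTDS\Personal store is an assumed alternative to the Certificates MMC snap-in that the TechNet article uses, so verify it against your certutil version. The last function is the check a practitioner wants after both steps: it opens a TLS connection to port 636, lets Windows validate the chain against the client's Trusted Root store (the exact thing step 2 sets up), and reports whether the presented certificate carries the Server Authentication EKU and how long it has left before it must be replaced.

```powershell
# ---------- Step 1: on the Domain Controller ----------
$dcFqdn      = 'dc01.example.local'      # constructed placeholder, use the DC's real FQDN
$pfxPlain    = 'Lab-Only-Pass!'          # constructed lab password, never hard-code in production
$pfxPassword = ConvertTo-SecureString $pfxPlain -AsPlainText -Force

# Self-signed cert whose subject/SAN is the DC FQDN and whose EKU is Server Authentication
# (-Type SSLServerAuthentication sets OID 1.3.6.1.5.5.7.3.1).
$cert = New-SelfSignedCertificate -DnsName $dcFqdn `
    -CertStoreLocation 'Cert:\LocalMachine\My' `
    -Type SSLServerAuthentication `
    -KeyLength 2048 -KeyExportPolicy Exportable `
    -NotAfter (Get-Date).AddYears(2)

# PFX (with private key) goes to the NTDS\Personal service store; the public .cer goes to clients.
Export-PfxCertificate -Cert $cert -FilePath 'C:\temp\ldaps-dc01.pfx' -Password $pfxPassword | Out-Null
Export-Certificate    -Cert $cert -FilePath 'C:\temp\ldaps-dc01.cer' | Out-Null

# Install into the AD DS service account store (NTDS\Personal = NTDS\My).
# Assumed certutil syntax; the MMC route (Service account -> Active Directory Domain Services ->
# NTDS\Personal -> Import) achieves the same result.
certutil -service -p $pfxPlain -importPFX 'NTDS\My' 'C:\temp\ldaps-dc01.pfx'

# AD DS is a restartable service; a full reboot is the fallback the guide mentions.
Restart-Service NTDS -Force

# ---------- Step 2: on the server running the BizTalk LDAP Adapter / LDAP Web API ----------
# Copy C:\temp\ldaps-dc01.cer to the client host first, then trust it machine-wide.
Import-Certificate -FilePath 'C:\temp\ldaps-dc01.cer' -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null

# ---------- Check: does LDAPS actually work from this client? ----------
function Test-LdapsEndpoint {
    param(
        [Parameter(Mandatory)] [string] $Server,
        [int] $Port = 636
    )
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'
    $client = New-Object System.Net.Sockets.TcpClient($Server, $Port)
    try {
        # Default validation callback = Windows chain building against LocalMachine\Root, so an
        # untrusted or mis-named certificate surfaces here as an AuthenticationException.
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        $ssl.AuthenticateAsClient($Server)

        $remote = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $ekuExt = $remote.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
        $hasServerAuth = $false
        if ($ekuExt) {
            $hasServerAuth = [bool]($ekuExt.EnhancedKeyUsages | Where-Object { $_.Value -eq $serverAuthOid })
        }

        [pscustomobject]@{
            Server            = $Server
            Protocol          = $ssl.SslProtocol
            Subject           = $remote.Subject
            Issuer            = $remote.Issuer
            Thumbprint        = $remote.Thumbprint
            HasServerAuthEku  = $hasServerAuth
            NotAfter          = $remote.NotAfter
            DaysUntilExpiry   = [int]($remote.NotAfter - (Get-Date)).TotalDays
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $client.Dispose()
    }
}

# Example run from the client host; fails loudly if the chain is not trusted, warns if the EKU is missing
# or the certificate is close to the replacement point the guide talks about.
$result = Test-LdapsEndpoint -Server $dcFqdn
$result | Format-List
if (-not $result.HasServerAuthEku) { Write-Warning 'Certificate lacks the Server Authentication EKU; AD DS will not use it for LDAPS.' }
if ($result.DaysUntilExpiry -lt 30)  { Write-Warning "Certificate expires in $($result.DaysUntilExpiry) days; plan the replacement now." }
```

Run the step 1 block on the Domain Controller and the step 2 block plus the check on the Nodinite server, both from an elevated PowerShell session. If `AuthenticateAsClient` throws "The remote certificate is invalid according to the validation procedure", the cert has not landed in the client's Trusted Root store (or the intermediate is missing from Intermediate Certification Authorities); if the handshake succeeds but `HasServerAuthEku` is `False`, go back to step 1 and re-issue the cert with the Server Authentication EKU.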