Home > Active Directory > Self-Signed Certificate for LDAPs

Self-Signed Certificate for LDAPs

I recently ran into an instance where one of my customers needed to get LDAPs up and functioning quickly. We had a pending engagement to help them implement some Certification Authorities but needed something to hold them ever temporarily until the completion of the project. The following is a way to setup LDAPs using self-signed certificates.

Create the following certificate request making the subject the FQDN of the domain controller, save as .inf file.

Open the Command Prompt as Administrator. Run the following certreq command and call the .inf file

Click Cancel on the Save Request screen after.

Open up the Certificates console using the MMC. Look in Computer Personal Store and export the certificate.

Since there is only one option to not export the private key, click

 Select the Base-64 encoded button to export the file as the Base-64 format, click Next.

Save the file in an easy location for import into the Trusted Root Certification Store, click Save.

 Go to the Trusted Root Certification Authority, right click on Certificates, click Import.


Click Browse to select the file that was just exported.


 Highlight the Base-64 certificate file and click Open.

Place the certificate into the Trusted Root Certification Authorities Store, click Next.


Click Finish to end


Categories: Active Directory
  1. March 20, 2014 at 12:07 am

    This is pretty much KB321051. What you forgot to do, and is in the KB article, is to put the certificate in the NTDS Service’s personal store instead of the local computer store. This was new for Windows 2008. If the cert is in the local computer context then you need to reboot to change certs and you will only support one cert. All the magic happens when you put the cert in the Active Directory services store.

    • March 20, 2014 at 1:16 am

      That is a great point and definitely worthwhile to point out. I will add some edits to include that information as well.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: