Enable SSL on Active Directory

Majid Latif

Introduction

To get the full experience from LogonBox, your Active Directory needs to be configured for SSL. This allows the secure node agent to perform secure actions, such as password changes, against your Active Directory, and it is a requirement for LogonBox to work successfully. LogonBox values your privacy, which is why secure communication with user directories such as your AD is vital.

This article details specifically how to configure Windows Server 2008, with links to Windows Server 2003 and Windows Server 2012. For other directories, please refer to your directory's instructions.
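
To see whether a domain controller already answers LDAP over SSL, either before starting or once the configuration is complete, a check like the following can be run from a Windows machine that can reach it. This is an added example, not LogonBox code; the host name `dc01.example.local` is a placeholder, and port 636 is the standard LDAPS port.

```powershell
# Added example: inspect the certificate a domain controller presents on LDAPS.
# 'dc01.example.local' is a placeholder; pass your own domain controller's FQDN.
param(
    [string]$DcHost = 'dc01.example.local',
    [int]$Port = 636    # standard LDAP-over-SSL port
)

# Record validation errors instead of aborting, so an untrusted or
# mismatched certificate can still be inspected and reported.
$script:policyErrors = [System.Net.Security.SslPolicyErrors]::None
$callback = [System.Net.Security.RemoteCertificateValidationCallback] {
    param($s, $certificate, $chain, $sslErrors)
    $script:policyErrors = $sslErrors
    $true
}

$client = New-Object System.Net.Sockets.TcpClient
try {
    $client.Connect($DcHost, $Port)
    $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
    $ssl.AuthenticateAsClient($DcHost)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

    # Microsoft's LDAPS certificate requirements include the Server
    # Authentication enhanced key usage (OID 1.3.6.1.5.5.7.3.1).
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $serverAuth = $false
    if ($eku) {
        $serverAuth = @($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.1' }).Count -gt 0
    }

    New-Object PSObject -Property @{
        Host             = $DcHost
        Subject          = $cert.Subject
        Issuer           = $cert.Issuer
        NotAfter         = $cert.NotAfter
        ServerAuthEku    = $serverAuth
        ValidationErrors = $script:policyErrors   # None = trusted chain and matching name
    }
}
catch {
    Write-Warning "LDAPS check against ${DcHost}:${Port} failed: $($_.Exception.Message)"
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $client.Close()
}
```

A connection failure means nothing is listening on LDAPS yet; a result with `ValidationErrors` other than `None` means the machine running the check does not trust the issuing CA or the certificate name does not match the host name used.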

Other Windows Directories

Configure LDAP SSL on Windows 2008 

Step 1: Install the Certificate Services Roles

To begin, the Windows server should already have Active Directory Domain Services installed. If it does not, you will need to install it before continuing.

Once Domain Services has been installed and configured (if that was required), open the Add Roles wizard, select the Active Directory Certificate Services role, and begin installing this role on the Domain Controller.

 

Note: The following wizard settings are intended for a single domain controller environment and are the ones used in our own testing systems. Your own configuration requirements may vary.

When the wizard prompts you to select the modules for the Certificate Services, select the Certificate Authority option and click Next.

 

You'll next be prompted to select the type of Certificate Authority you wish to create. In order to create a certificate for Active Directory you must select the Enterprise CA.

 

Next you'll need to set whether the CA is a root or a subordinate. In this environment you want to select the Root CA option.

 

Next you will need to specify whether the CA will use a new or an existing private key. We will be selecting Create a New Private Key; however, if you already have a key you wish to use, you can select the Use Existing option and upload the key to the domain controller.