Last updated on June 30, 2015

AD/LDAP Authentication Over SSL

Introduction

Important

This is only applicable to on-premise deployments.

This guide will show you the steps to configure AD or LDAP over SSL. Note that this configuration is portal-wide and affects all tenants (accounts) within the Appspace instance.

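We will be covering two key sections:

  • Importing a Self-Signed/Private CA-Signed SSL Certificate
  • Configuring AD Authentication Over SSL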

Before we start, here are the types of certificate that are relevant for this guide:

  • Self-Signed – The certificate is self-signed and needs to be imported into the trust store of the Appspace server.
  • Private CA-Signed (Trusted) – The certificate is signed by a trusted private authority, so no manual configuration is needed.
  • Private CA-Signed (Untrusted) – The certificate is signed by an untrusted private authority, so that authority’s certificate needs to be imported into the trust store of the Appspace server.
  • CA-Signed – The certificate is signed by a trusted CA, so no manual configuration is needed.

Prerequisites

Important

This feature has been designed to work with a flat Active Directory structure.

  • An AD or LDAP server with SSL enabled.
  • The SSL certificate CN must match the FQDN of the AD or LDAP server.
  • The SSL certificate must be valid and be certified by a trusted Certificate Authority (CA).
  • Windows Server user credential on the Appspace server with local administrator privileges.
  • Appspace user credential with Portal Administrator role.
  • Basic knowledge of navigating Windows Server 2008 and IIS (Internet Information Services).

Importing a Self-Signed/Private CA-Signed SSL Certificate

Follow these steps to import a self-signed/private CA-signed SSL certificate into Appspace Server’s trust store:

  1. Retrieve the SSL certificate (encoded in DER or Base64) from the AD server.

    Note

    Your IT administrator will be able to retrieve the certificate from the AD server.

  2. Click the Start icon and type mmc in the search bar. Click mmc under Programs in the search results.

  3. Click File and select Add/Remove Snap-in.

  4. The Add or Remove Snap-ins window will appear. Select Certificates and click Add.

  5. In the Certificates snap-in pop-up box, select Computer account and click Next.

  6. Select Local computer and click Finish.

  7. Click OK to add your new snap-in.

  8. From the console tree, expand Certificates (Local Computer), expand Trusted Root Certification Authorities and click Certificates. Trusted certificates will be listed in the details pane.

  9. Click More Actions, select All Tasks, and then select Import. This brings up the Certificate Import Wizard.

  10. Click Next.

  11. Click Browse to browse for the certificate.

  12. Select your certificate in the pop-up window and click Open.

  13. Click Next.

  14. Click Next.

  15. Click Finish.

  16. A pop-up will confirm if the import was successful.

  17. Your certificate will be displayed in the details pane.
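
The import above can also be scripted and then checked from the Appspace server, which confirms both the trust-store entry and the CN/FQDN prerequisite before AD authentication is configured. This is an added example, not Appspace's own tooling; the FQDN and certificate path are placeholders, and port 636 is assumed as the standard LDAPS port.

```powershell
# Added example: placeholder values, adjust for your environment.
$LdapFqdn = 'dc01.example.com'       # assumed FQDN of the AD/LDAP server
$LdapPort = 636                      # standard LDAPS port
$CertFile = 'C:\Temp\ldap-ca.cer'    # assumed path of the DER/Base64 certificate

# Import into Local Computer > Trusted Root Certification Authorities,
# the same store used in the MMC steps. Run from an elevated prompt.
certutil.exe -addstore Root $CertFile
if ($LASTEXITCODE -ne 0) { throw "certutil import failed with exit code $LASTEXITCODE" }

# Record what Windows certificate validation reports for the server certificate.
$script:PolicyErrors = $null
$callback = [System.Net.Security.RemoteCertificateValidationCallback] {
    param($source, $certificate, $chain, $sslPolicyErrors)
    $script:PolicyErrors = $sslPolicyErrors
    # Accept only when both the chain and the host name validate.
    return ($sslPolicyErrors -eq [System.Net.Security.SslPolicyErrors]::None)
}

$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($LdapFqdn, $LdapPort)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
    try {
        # The name passed here is compared with the certificate, so use the FQDN.
        $ssl.AuthenticateAsClient($LdapFqdn)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        "OK: {0} presented '{1}' (expires {2:u}); chain and name validated." -f $LdapFqdn, $cert.Subject, $cert.NotAfter
    } catch [System.Security.Authentication.AuthenticationException] {
        # RemoteCertificateNameMismatch -> certificate name does not match the FQDN
        # RemoteCertificateChainErrors  -> issuer not in the trust store, or certificate expired
        "FAILED: certificate rejected ($script:PolicyErrors)."
    } finally {
        $ssl.Close()
    }
} finally {
    $tcp.Close()
}
```

A FAILED result names the prerequisite that is not met, so it can be corrected on the AD server or in the trust store before continuing.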

Configuring AD Authentication Over SSL

Now that you’ve imported your SSL certificate into the Appspace server, you can proceed to configure AD authentication. To do so, refer to the AD/LDAP Authentication Guide.