Configure Active Directory/LDAP over SSL

This article provides the instructions to configure Active Directory (AD) or LDAP (Lightweight Directory Access Protocol) over SSL (Secure Sockets Layer). Note that this configuration is portal-wide and affects all tenant accounts within Appspace.

Before we start, here are the types of certificate that are relevant for this guide:

  • Self-Signed – The certificate is self-signed and needs to be imported into the trust store of the Appspace server.
  • Private CA-Signed (Trusted) – The certificate is signed by a trusted private authority, so no manual configuration is needed.
  • Private CA-Signed (Untrusted) – The certificate is signed by an untrusted private authority, so that authority’s certificate needs to be imported into the trust store of the Appspace server.
  • CA-Signed – The certificate is signed by a trusted CA, so no manual configuration is needed.

Prerequisites

Important

This feature has been designed to work with a flat Active Directory structure.

  • An AD or LDAP server with SSL enabled.
  • The SSL certificate CN must match the FQDN of the AD or LDAP server.
  • The SSL certificate must be valid and be certified by a trusted Certificate Authority (CA).
  • Windows Server user credentials on the Appspace server with local administrator privileges.
  • Portal Administrator privileges on your Appspace on-prem server.

Download the SSL Certificate

  1. Download the SSL certificate (encoded in DER or Base-64) from the AD server, following the instructions on the Microsoft website: https://support.microsoft.com/en-us/help/555252

    Note

    Your IT administrator will be able to retrieve the certificate from the AD server.

Import a Self-Signed/Private CA-Signed SSL Certificate

Follow these steps to import a self-signed/private CA-signed SSL certificate into the Appspace server’s trust store:

  1. Launch the Microsoft Management Console (MMC) by clicking the Windows icon and entering ‘mmc’ in the run window.
  2. Click File, and select Add/Remove Snap-in.
  3. In the Add or Remove Snap-ins window, select “Certificates” from the Available Snap-in window, and click Add.
  4. In the Certificates snap-in window, select ‘Computer account’ and click Next.
  5. Select ‘Local computer’ and click Finish. Click OK to add the new snap-in.
  6. In the Console Root tree, expand Certificates (Local Computer) > Trusted Root Certification Authorities, and click Certificates. All the trusted certificates are displayed in the details pane.
  7. Click More Actions, and select All Tasks > Import.
  8. In the Certificate Import Wizard, click Next, and browse for the certificate downloaded earlier from the AD server. Click Next.
  9. Leave the Certificate Store default option at ‘Place all certificates in the following store’. Click Next.
  10. Review, and click Finish. Click OK for the successful import notification.
  11. The certificate is displayed in the details pane.
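
The same import can be scripted and then checked against the prerequisites (valid, trusted, name matches the server FQDN). The following PowerShell is an added example, not part of the original Appspace instructions; the file path and server name are placeholders, and 636 is assumed as the standard LDAPS port.

```powershell
# Run in an elevated PowerShell session on the Appspace server.
# Both values below are placeholders (assumptions), not values from this article.
$CertPath  = 'C:\Temp\ad-ldaps.cer'       # certificate file downloaded from the AD server
$LdapFqdn  = 'dc01.corp.example.com'      # FQDN of the AD/LDAP server
$RootStore = 'Cert:\LocalMachine\Root'    # Trusted Root Certification Authorities (Local Computer)

# Load the file (DER or Base-64) and inspect it before trusting it.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CertPath)
$now  = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}
"Subject    : $($cert.Subject)"
"Issuer     : $($cert.Issuer)"
"Thumbprint : $($cert.Thumbprint)"   # compare with the value your IT administrator provides

# Import only if the same certificate is not already in the store.
if (-not (Get-ChildItem $RootStore | Where-Object Thumbprint -eq $cert.Thumbprint)) {
    Import-Certificate -FilePath $CertPath -CertStoreLocation $RootStore | Out-Null
}

# Open an LDAPS connection (TCP 636). AuthenticateAsClient throws if the chain is not
# trusted by this machine, the certificate has expired, or its name does not match $LdapFqdn.
$tcp = [System.Net.Sockets.TcpClient]::new($LdapFqdn, 636)
try {
    $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false)
    $ssl.AuthenticateAsClient($LdapFqdn)
    $server = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
    "LDAPS handshake OK: $($server.Subject), expires $($server.NotAfter)"
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Dispose()
}
```

If the handshake step throws, the server certificate is not yet trusted by the Appspace server or does not match the FQDN, and AD authentication over SSL would fail for the same reason.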

Configure AD Authentication over SSL

Now that you’ve imported your SSL certificate into the Appspace server, you can proceed to configure AD authentication. To do so, refer to the AD/LDAP authentication article.