How can I add the base FQDN to an additional SAN field to the LDAP cert on a domain controller?

John Owens 0 Reputation points
2024-02-05T14:06:59.6233333+00:00

Recently I've been setting up some older Linux applications to use LDAP against our domain. We strictly use LDAPS in our environment. I'd like to setup the LDAP string with just the name of the root of the domain (ex: domain.local) rather than pointing to a single server in case of DC failure. The Linux boxes often return an error saying the LDAP Cert doesn't have domain.local in the SAN of the certificate. Is there a way to modify the template that issues that cert to add a SAN with just the Forest domain? Is this something people regularly do? What's the usual measure to get this to work?

Windows
Windows
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
4,498 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Daisy Zhou 17,091 Reputation points Microsoft Vendor
    2024-02-06T03:05:11.8566667+00:00

    Hello John Owens,

    Thank you for posting in Q&A forum.

    Did you have ADCS installed in your domain? If so, you can select "Supply in the request" on certificate template under "Subject Name" tab.

    For example:
    User's image

    Then provide the SAN information during you enroll certificate as below: 23346-csr6.png I hope the information above is helpful. If you have any questions or concerns, please feel free to let us know. Best Regards, Daisy Zhou

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    0 comments No comments