How can Windows Server 2019 use it's existing certificates ( CA certification authority installed ) or a commercial certificate to work with LDAPS.
I have spent many months on this issue, but recently on a new Windows Server 2019, I have the same issue:
I would think that the internal Windows 2019 certificates would be fine for LDAPS, not sure if it is a matter of trust, or a configuration issue. I have looked at many documents on the internet, but none seem to help me get beyond this LDAPS issue.
My goal is to use a Windows 2019 ldaps certificate so other applications can authenticate and retrieve ldap data.
I have installed Windows Server 2019 and I installed the Certification Authority and I see port 389 and 636 in a listen mode, but when I attempt to use port 636 I have errors. Port 389 is fine. When I use the openssl connect command on port 443 I have no errors.
What I have tried.
I have spent hours searching for solution that work in www.google.com. This has not worked.
I have used a JXplorer ldap browser i can login to port 389 and see active directory objects fine, but when I use port 636 it fails immediately with the error "Error opening connection: LDAP connection has been closed". The details on the error are: javax.naming.NamingException: LDAP connect has been closed".
When I do this command, I get a response as shown below that :
openssl s_client -connect FicticiousServerName.com:636 -showcerts
CONNECTED(00000003) depth=0 CN = LAB.FicticiousServerName.com verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 CN = LAB.FicticiousServerName.com verify error:num=21:unable to verify the first certificate verify return:1
Certificate chain 0 s:/CN=LAB.FicticiousServerName.com i:/DC=com/DC=FicticiousServerName/CN=FicticiousServerName.com
Use Windows 2019 ldp.exe to test ldap and port 636, IT LOOKS FINE.... :
ld = ldap_sslinit("FicticiousServerName.com", 636, 1); Error 0 = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION, 3); Error 0 = ldap_connect(hLdap, NULL); Error 0 = ldap_get_option(hLdap,LDAP_OPT_SSL,(void*)&lv); Host supports SSL, SSL cipher strength = 256 bits Established connection to FicticiousServerName.com. Retrieving base DSA information... Getting 1 entries: Dn: (RootDSE) configurationNamingContext: CN=Configuration,DC=FicticiousServerName,DC=com; currentTime: 5/4/2021 6:02:07 PM Mountain Daylight Time; defaultNamingContext: DC=FicticiousServerName,DC=com; dnsHostName: LAB.FicticiousServerName.com; domainControllerFunctionality: 7 = ( WIN2016 ); domainFunctionality: 7 = ( WIN2016 ); dsServiceName: CN=NTDS Settings,CN=LAB,CN=Servers,CN=Default-First-Site- Name,CN=Sites,CN=Configuration,DC=FicticiousServerName,DC=com; forestFunctionality: 7 = ( WIN2016 ); highestCommittedUSN: 16717; isGlobalCatalogReady: TRUE; isSynchronized: TRUE; ldapServiceName: FicticiousServerName.com:lab$@FicticiousServerName.COM; namingContexts (5): DC=FicticiousServerName,DC=com; CN=Configuration,DC=FicticiousServerName,DC=com; CN=Schema,CN=Configuration,DC=FicticiousServerName,DC=com; DC=DomainDnsZones,DC=FicticiousServerName,DC=com; DC=ForestDnsZones,DC=FicticiousServerName,DC=com; rootDomainNamingContext: DC=FicticiousServerName,DC=com; schemaNamingContext: CN=Schema,CN=Configuration,DC=FicticiousServerName,DC=com; serverName: CN=LAB,CN=Servers,CN=Default-First-Site- Name,CN=Sites,CN=Configuration,DC=FicticiousServerName,DC=com; subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=FicticiousServerName,DC=com; supportedCapabilities (6): 1.2.840.113556.1.4.800 = ( ACTIVE_DIRECTORY );
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 64%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERP%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)