Can a single-domain certificate work for Azure AD DS Secure LDAP?

Pavan Kumar Nagaraj 41 Reputation points
2021-05-18T15:14:12.15+00:00

Hello,

I will be configuring Secure LDAP in Azure as per your documentation.
https://learn.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-configure-ldaps

As mentioned in the document,

Subject name - The subject name on the certificate must be your managed domain. For example, if your domain is named aaddscontoso.com, the certificate's subject name must be *.aaddscontoso.com.
The DNS name or subject alternate name of the certificate must be a wildcard certificate to ensure the secure LDAP works properly with the Azure AD Domain Services. Domain Controllers use random names and can be removed or added to ensure the service remains available.

Does this mean that a wildcard certificate *.example.com is mandatory? We have moved to single-domain certificates as a security measure. Kindly confirm whether this setup only works with a wildcard certificate or whether a single-domain certificate also works.

Microsoft Security | Microsoft Entra | Other

Accepted answer
  VipulSparsh-MSFT 16,311 Reputation points Microsoft Employee
    2021-05-19T09:43:12.43+00:00

    @Pavan Kumar Nagaraj Thanks for reaching out.

    It has to be a wildcard certificate with *aaddsdomain.com and it cannot be a single-domain certificate.
    This is the requirement for Azure AD Domain Services.

    -----------------------------------------------------------------------------------------------------------------

    If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" for the answer that helped you for benefit of the community
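    The following Windows PowerShell snippet is an added example, not code from the question, the answer, or the linked tutorial. It creates two short-lived self-signed test certificates in the current user's store (one single-domain, one wildcard, both for the assumed managed domain aaddscontoso.com) and runs a check that mirrors the documented requirement: the subject must be *.yourdomain and the SAN DNS list must contain that same wildcard. The function name Test-AaddsLdapsCertificate and the $ManagedDomain value are assumptions for illustration; the check is useful for validating a CA-issued PFX before uploading it, not only for test certificates.

```powershell
# Added example: verify that a certificate satisfies the Azure AD DS Secure LDAP
# subject/SAN requirement (wildcard for the managed domain). Domain is assumed.
$ManagedDomain = 'aaddscontoso.com'

function Test-AaddsLdapsCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)]
        [string]$Domain
    )
    $wildcard = "*.$Domain"
    # PowerShell exposes SAN dNSName entries via the DnsNameList script property.
    $dnsNames  = @($Certificate.DnsNameList | ForEach-Object { $_.Unicode })
    $subjectOk = $Certificate.Subject -match [regex]::Escape("CN=$wildcard")
    $sanOk     = $dnsNames -contains $wildcard
    [pscustomobject]@{
        Thumbprint    = $Certificate.Thumbprint
        Subject       = $Certificate.Subject
        DnsNames      = ($dnsNames -join ', ')
        SubjectOk     = $subjectOk
        WildcardSanOk = $sanOk
        Acceptable    = ($subjectOk -and $sanOk)
    }
}

# Constructed test certificates: the single-domain shape the question proposes,
# and the wildcard shape the documentation requires. Both expire in 30 days.
$single = New-SelfSignedCertificate -Subject "CN=ldaps.$ManagedDomain" `
    -DnsName "ldaps.$ManagedDomain" -KeyExportPolicy Exportable `
    -CertStoreLocation 'Cert:\CurrentUser\My' -NotAfter (Get-Date).AddDays(30)

$wild = New-SelfSignedCertificate -Subject "CN=*.$ManagedDomain" `
    -DnsName "*.$ManagedDomain", $ManagedDomain `
    -KeyUsage DigitalSignature, KeyEncipherment -KeyExportPolicy Exportable `
    -CertStoreLocation 'Cert:\CurrentUser\My' -NotAfter (Get-Date).AddDays(30)

# Expected: the single-domain certificate reports Acceptable = False,
# the wildcard certificate reports Acceptable = True.
$single, $wild |
    ForEach-Object { Test-AaddsLdapsCertificate -Certificate $_ -Domain $ManagedDomain } |
    Format-Table -AutoSize

# Remove the test certificates from the store again.
Remove-Item -Path "Cert:\CurrentUser\My\$($single.Thumbprint)"
Remove-Item -Path "Cert:\CurrentUser\My\$($wild.Thumbprint)"
```

    To check a certificate you already have, replace the constructed objects with `Get-PfxCertificate -FilePath .\ldaps.pfx` or an entry from `Get-ChildItem Cert:\LocalMachine\My` and pass it to Test-AaddsLdapsCertificate; the Acceptable column then tells you, before the upload to Azure AD DS, whether the certificate has the wildcard shape the service requires.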
