Re: AD SSL, what impact?
- From: "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 7 Apr 2006 13:39:22 -0500
If you really only need to make SSL LDAP available to a limited number of
clients, you could just install a self-signed certificate. As long as you
can get the client to trust it (by installing the certificate in the
client's trusted roots store if it is using Windows Schannel for SSL
support), that will work. The selfssl tool that I mentioned can make quick
work of this.
You'll just have a deployment nightmare getting other clients to trust the
cert if you need broad deployment. That's the main advantage with getting a
cert from an issuer that everyone already trusts.
Joe K.
"GrimGrningGhost" <GrimGrningGhost@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:1B62F006-AC67-47EC-8D00-46898A8E816C@xxxxxxxxxxxxxxxx
I appreciate the replies. I suggested an ECA, but our structure makes such a
thing technically fall under IT security which is a different management
branch than the server group. For whatever reason, they are dragging feet on
the idea. The LDAP SSL queries would technically only flow from one server
to another in the same rack across one switch secured in our computer room (I
can't say much, but let me say that our computer room is extremely hard to
get access to by outsiders). So really, the packets aren't accessible and so
I'd rather wait on security to approve/roll out the ECA. But I guess it's my
boss's call. Thanks for the thoughts.
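
Added example, not part of the original thread: a PowerShell check, run on the client, of whether its Windows trust stores accept the certificate the server presents on the LDAPS port (for instance after a self-signed certificate has been installed in the client's trusted roots). The function name `Test-LdapsTrust` and the host name in the usage comment are assumptions made for illustration; 636 is the standard LDAPS port, and PowerShell 5 or later is assumed.

```powershell
# Added example (not from the thread). Reports whether this client trusts the
# certificate presented on the LDAPS port, and which certificate it saw.
function Test-LdapsTrust {
    param(
        [Parameter(Mandatory)] [string] $Server,  # name the client will use to reach the server
        [int] $Port = 636                         # standard LDAPS port
    )
    $seen = @{ Cert = $null; Errors = $null }

    # Record the platform's verdict and keep it: the handshake succeeds only
    # when the chain and the host name validate against the local stores.
    $check = {
        param($sender, $cert, $chain, $errors)
        if ($cert) {
            $seen.Cert = [System.Security.Cryptography.X509Certificates.X509Certificate2] $cert
        }
        $seen.Errors = $errors
        return ($errors -eq [System.Net.Security.SslPolicyErrors]::None)
    }.GetNewClosure()
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] $check

    $trusted = $false
    $failure = $null
    $tcp = [System.Net.Sockets.TcpClient]::new()
    try {
        $tcp.Connect($Server, $Port)
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $callback)
        try {
            # The name passed here must match the certificate's subject or SAN.
            $ssl.AuthenticateAsClient($Server)
            $trusted = $true
        } finally { $ssl.Dispose() }
    } catch {
        $failure = $_.Exception.Message   # connection refused, untrusted root, name mismatch...
    } finally { $tcp.Close() }

    [pscustomobject]@{
        Server     = $Server
        Trusted    = $trusted
        Errors     = $seen.Errors
        Subject    = $seen.Cert.Subject
        SelfSigned = ($null -ne $seen.Cert) -and ($seen.Cert.Subject -eq $seen.Cert.Issuer)
        Thumbprint = $seen.Cert.Thumbprint
        NotAfter   = $seen.Cert.NotAfter
        Failure    = $failure
    }
}
# Usage (placeholder host name): Test-LdapsTrust -Server dc01.example.test
```

Comparing the reported thumbprint with the one shown on the server itself confirms that the certificate the client trusts is the one that was actually installed.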