If you want to make LDAPS queries to a DC, the domain controller needs an SSL/TLS server certificate (one with the Server Authentication purpose) in its machine certificate store. It is a pretty straightforward process.
1.) Create the .inf file. The following is an example .inf file that can be used to create the certificate request.
;----- request.inf -----
[Version]
Signature="$Windows NT$"
[NewRequest]
Subject = "CN=<DC fqdn>" ; replace <DC fqdn> with the FQDN of the DC (fuller example: "CN=<DC fqdn>, O=Organization, L=City, S=State, C=US")
KeySpec = 1
KeyLength = 1024
; Can be 1024, 2048, 4096, 8192, or 16384.
; Larger key sizes are more secure, but have
; a greater impact on performance. Note that 1024-bit RSA
; is considered weak today and many CAs will not issue for it;
; 2048 is the usual minimum.
Exportable = TRUE ; TRUE allows the private key to be exported later; use FALSE unless you need that
MachineKeySet = TRUE
SMIME = FALSE
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0 ; Digital Signature (0x80) + Key Encipherment (0x20)
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication
;-----------------------
2.) Create the request file. To do this, type the following command at the command prompt, and then press ENTER:
certreq -new request.inf request.req
A new file called request.req is created. This is the base64-encoded PKCS#10 request file.
3.) Submit request.req to a CA.
4.) Retrieve the certificate that is issued, and then save the certificate as Certnew.cer in the same folder as the request file. To do this, follow these steps:
a.) Create a new file called Certnew.cer.
b.) Open the file in Notepad, paste the encoded certificate into the file, and then save the file.
5.) Run certreq -accept certnew.cer
6.) Look for the certificate in the Certificates MMC snap-in under Certificates (Local Computer), Personal, Certificates. It should show a private key icon, since certreq -accept pairs the issued certificate with the key generated in step 2.
7.) Restart the Domain Controller
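The whole procedure above, scripted end to end in PowerShell, as an added example that is not part of the original post. It goes a little beyond the text's .inf: it uses a 2048-bit key, a non-exportable private key and a Subject Alternative Name for the FQDN (modern LDAP clients match the hostname against the SAN, not the CN), submits the request to an enterprise CA with certreq -submit instead of pasting the certificate by hand, and finishes with two checks a practitioner would want: that a usable Server Authentication certificate with a private key is in LocalMachine\My, and that a TLS handshake to port 636 actually presents it. The values of $DcFqdn, $CaConfig and $Template are placeholders you must replace; the template name in particular is an assumption about your CA.

```powershell
# Added example (not from the original post): LDAPS certificate enrollment on a DC
# with certreq, followed by local and remote verification.
# Placeholders (assumptions, replace with your own values):
$DcFqdn   = 'dc01.corp.example'          # this DC's FQDN
$CaConfig = 'ca01.corp.example\Corp-CA'  # enterprise CA "CAHost\CAName" config string
$Template = 'WebServer'                  # a CA template that grants Server Authentication
$WorkDir  = 'C:\certreq'
# Run in an elevated PowerShell session on the domain controller.

New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
Set-Location $WorkDir

# Step 1: write request.inf. Plain ASCII quotes matter: smart quotes break certreq.
# 2048-bit key, private key not exportable, FQDN carried in the SAN (OID 2.5.29.17).
@"
[Version]
Signature="`$Windows NT`$"

[NewRequest]
Subject = "CN=$DcFqdn"
KeySpec = 1
KeyLength = 2048
Exportable = FALSE
MachineKeySet = TRUE
SMIME = FALSE
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1 ; Server Authentication

[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns=$DcFqdn&"
"@ | Set-Content -Path 'request.inf' -Encoding ASCII

# Step 2: generate the key pair in the machine store and the PKCS#10 request.
certreq -new request.inf request.req
if ($LASTEXITCODE -ne 0) { throw 'certreq -new failed' }

# Steps 3 and 4: submit to the enterprise CA and save the issued certificate.
# (For an offline or third-party CA, submit request.req by hand and save the
# returned base64 certificate as certnew.cer instead.)
certreq -submit -config $CaConfig -attrib "CertificateTemplate:$Template" request.req certnew.cer
if ($LASTEXITCODE -ne 0) { throw 'certreq -submit failed (request pending approval or rejected)' }

# Step 5: pair the issued certificate with the private key in LocalMachine\My.
certreq -accept certnew.cer
if ($LASTEXITCODE -ne 0) { throw 'certreq -accept failed' }

# Step 6: confirm a certificate LDAPS can actually use is present: private key,
# not expired, Server Authentication EKU, and the DC's FQDN among its DNS names.
function Get-LdapsCandidateCertificate {
    param([string]$Fqdn)
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'
    Get-ChildItem Cert:\LocalMachine\My |
        Where-Object {
            $_.HasPrivateKey -and
            $_.NotAfter -gt (Get-Date) -and
            ($_.EnhancedKeyUsageList | Where-Object ObjectId -eq $serverAuthOid) -and
            ($_.DnsNameList.Unicode -contains $Fqdn)
        } | Select-Object -First 1
}

$cert = Get-LdapsCandidateCertificate -Fqdn $DcFqdn
if (-not $cert) { throw "No usable Server Authentication certificate for $DcFqdn in LocalMachine\My" }
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
"Installed: $($cert.Subject), thumbprint $($cert.Thumbprint), RSA $($rsa.KeySize) bits, expires $($cert.NotAfter)"

# Step 7: restart the DC (Restart-Computer -Force). Afterwards, from another domain
# member, confirm the handshake on 636 presents the certificate and that the client
# trusts the chain and the name matches.
function Test-LdapsEndpoint {
    param([string]$Fqdn, [int]$Port = 636)
    $tcp = New-Object System.Net.Sockets.TcpClient($Fqdn, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
        $ssl.AuthenticateAsClient($Fqdn)   # throws if the chain is untrusted or the name does not match
        $remote = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        [pscustomobject]@{
            Host         = $Fqdn
            Protocol     = $ssl.SslProtocol
            Subject      = $remote.Subject
            DnsName      = $remote.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::DnsName, $false)
            Thumbprint   = $remote.Thumbprint
            Expires      = $remote.NotAfter
            ChainTrusted = $remote.Verify()
        }
    } finally { $tcp.Close() }
}

# Test-LdapsEndpoint -Fqdn $DcFqdn   # run from another host once the DC is back up
```

The thumbprint reported by Test-LdapsEndpoint should equal the one printed after step 6; if it does not, the DC is serving a different certificate from its store (Schannel picks one by its own rules when several qualify), which is the usual cause of "the cert is installed but LDAPS still fails".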