Configure Active Directory Lightweight Directory Service (AD LDS) to use SSL
Enable SSL to secure communication between the Active Directory Lightweight Directory Service and the ISAM components.
Install and configure Active Directory Lightweight Directory Service, including the Internet Information Service and the Web Management Service.
SSL encrypts the data that is transmitted between the ISAM services and Active Directory Lightweight Directory Service. Consider enabling SSL to protect information such as user passwords and private data. SSL is not required for ISAM to operate. The following task summarizes the steps required for enabling SSL communications. For details about enabling SSL on Active Directory Lightweight Directory Service, see the Microsoft documentation for Windows 2008 and Active Directory Lightweight Directory Service.
Steps
1. Create a certificate containing the public and private key on the computer where Active Directory Lightweight Directory Service is installed.
2. Export the certificate with its private key.
3. Locate the exported key file, double-click it, and install the certificate in all the folders in the Personal and Trusted Authorities folder.
4. Using the mmc console, import this certificate into the Personal and Trusted Root certificate authorities folders for the Active Directory Lightweight Directory Service instance.
5. Change the file permissions of the private keys in the certificate. See the Microsoft documentation for details.
6. Restart the Active Directory Lightweight Directory Service instance.
7. Using the mmc console, export the Issued By certificate of the certificate that was created in Step 1 (do not export the private key) from the AD_LDS_instance\Personal folder and save the certificate as a .cer file.
8. Import the .cer file into an SSL certificate database on the appliance. Use this certificate to configure IBM Security Verify Access with SSL enabled.
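Before importing the .cer file into the appliance, it is worth confirming that the restarted instance actually serves a certificate that chains to the exported one. The following PowerShell check is an added example, not IBM or Microsoft code; the function name, host name, port and file path are assumptions to replace with your own values.

```powershell
# Added example: function name and all parameter values are assumptions, not values from this page.
function Test-AdLdsLdapsCertificate {
    param(
        [Parameter(Mandatory)] [string] $HostName,   # FQDN of the AD LDS server
        [Parameter(Mandatory)] [int]    $SslPort,    # SSL port chosen for the instance
        [Parameter(Mandatory)] [string] $CerPath     # .cer file saved in the export step
    )
    $x509 = 'System.Security.Cryptography.X509Certificates'

    # The exported file must hold a public certificate only.
    $exported = New-Object "$x509.X509Certificate2" -ArgumentList $CerPath
    if ($exported.HasPrivateKey) { throw "$CerPath contains a private key; export it again without the key." }

    # Fetch the certificate the instance serves. The callback accepts any certificate
    # because this script inspects it itself; no credentials or data are sent.
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $SslPort)
    try {
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName)
        $served = New-Object "$x509.X509Certificate2" -ArgumentList $ssl.RemoteCertificate
    } finally { $tcp.Close() }

    # Build the served certificate's chain, offering the exported certificate as a candidate issuer.
    $chain = New-Object "$x509.X509Chain"
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
    [void] $chain.ChainPolicy.ExtraStore.Add($exported)
    [void] $chain.Build($served)
    $inChain = @($chain.ChainElements | Where-Object { $_.Certificate.Thumbprint -eq $exported.Thumbprint })

    # Look for the Server Authentication EKU (OID 1.3.6.1.5.5.7.3.1) on the served certificate.
    $eku = $served.Extensions | Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $serverAuth = @($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.1' }).Count -gt 0

    [pscustomobject]@{
        ServedSubject      = $served.Subject
        ServedNotAfter     = $served.NotAfter
        NotExpired         = $served.NotAfter -gt (Get-Date)
        HasServerAuthEku   = $serverAuth
        ExportedCerInChain = $inChain.Count -gt 0
    }
}

# Example call with placeholder values:
# Test-AdLdsLdapsCertificate -HostName 'adlds.example.com' -SslPort 636 -CerPath 'C:\temp\adlds-issuer.cer'
```

If `ExportedCerInChain` is false, the appliance would be given a certificate that does not vouch for what the instance presents, and the SSL connection from IBM Security Verify Access will fail validation.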