What external source are you trying to connect with?  We run LDAPs
externally for SAAS applications and we just send the vendor the public keys
so they can make the connection.

On Thu, Nov 18, 2010 at 8:10 AM, Oliver Marshall <
oliver.marsh...@g2support.com> wrote:

>  Thanks Michael,
>
>
>
> Does that mean that, without something like TMG, we can't actually get
> LDAPs working so that external boxes can authenticate against LDAP?
>
>
>
> I haven't seen that anywhere. Damn!
>
>
>
>
>
> --
>
> G2 Support
>
> Network Support : Online Backups : Server Management
>
>
>
> Web: www.g2support.com
>
> Twitter: g2support <http://twitter.com/home?stat...@g2support>
>
> Newsletter: www.g2support.com/newsletter
>
>
>
> *From:* Michael B. Smith [mailto:mich...@smithcons.com]
> *Sent:* 18 November 2010 15:40
>
> *To:* NT System Admin Issues
> *Subject:* RE: LDAPS Setup question
>
>
>
> As it says: the server authentication certificate must be issued to the
> FQDN of the computer on which your AD LDS instance is running.
>
>
>
> That’s the internal FQDN. If you want to use it externally, you are going
> to need something that does SSL termination and URL rewriting. Such as ISA
> or TMG.
>
>
>
> Regards,
>
>
>
> Michael B. Smith
>
> Consultant and Exchange MVP
>
> http://TheEssentialExchange.com <http://theessentialexchange.com/>
>
>
>
> *From:* Oliver Marshall [mailto:oliver.marsh...@g2support.com]
> *Sent:* Thursday, November 18, 2010 10:32 AM
> *To:* NT System Admin Issues
> *Subject:* LDAPS Setup question
>
>
>
> Hi Chaps,
>
>
>
> I'm trying to get LDAP over SSL set up on a Windows 2008 AD server. Before
> I order the SSL cert, I just want to check. The docs at the MS site say;
>
>
>
> "When you request the certificate, specify the fully qualified domain name
> (FQDN) of the computer on which your AD LDS instance is running as the
> identifying name for the certificate. In other words, the server
> authentication certificate must be issued to the FQDN of the computer on
> which your AD LDS instance is running. "
>
>
>
> Now, we want to use LDAPs both internally and externally. Am I right in
> thinking we can order a cert with the FQDN of ldap.mydomain.com and as
> long as that domain resolves to the LDAP/AD server both externally and
> internally it will be accepted? Or should we get a multiple host SSL cert,
> as we do with Exchange 2xxx, and register the netbios, internal FQDN
> (server.mydomain.local) and the external FQDN (ldap.mydomain.com) ?
>
>
>
> Olly
>
>
>
>
>
>  Network Support
> Online Backups
> Server Management
>
>  Tel: 0845 307 3443
>
> Email: oliver.marsh...@g2support.com
>
> Web: http://www.g2support.com
>
> Twitter: g2support <http://twitter.com/home?stat...@g2support>
>
> Newsletter: http://www.g2support.com/newsletter
>
> Mail: 2 Roundhill Road, Brighton, Sussex, BN2 3RF
>
>
>
> Have you said something nice about us to a friend or colleague ?
>
> Let us say thanks. Find out more at www.g2support.com/referral
>
>
>
> G2 Support LLP is registered at Mill House, 103 Holmes Avenue, HOVE
>
> BN3 7LE. Our registered company number is OC316341.
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
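
Added example, not part of the original thread and not Microsoft's code: a sketch of the hostname check a generic TLS client applies to the names in a server certificate, run against the certificate options asked about above. The certificate contents are constructed from the names in the thread, the function names are hypothetical, and this models client-side verification only, not how AD LDS selects its certificate.

```python
# Added example: client-side hostname check against certificate names.
# Certificate contents are constructed from the names used in the thread.

def _match(pattern: str, host: str) -> bool:
    """Match one certificate DNS name against the name the client dialled."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if "*" not in p:
        return p == h
    p_labels, h_labels = p.split("."), h.split(".")
    # Only a whole left-most wildcard label is honoured; it covers one label.
    if p_labels[0] != "*" or "*" in "".join(p_labels[1:]):
        return False
    # Conservative policy (assumption): no wildcard directly under a TLD.
    if len(p_labels) != len(h_labels) or len(p_labels) < 3:
        return False
    return p_labels[1:] == h_labels[1:]


def accepted_names(cert: dict, dialled: list) -> dict:
    """Return {name: bool} for each name a client might connect with.

    If the certificate carries SAN dNSName entries, only those are checked;
    the subject CN is a fallback for certificates without any.
    """
    candidates = cert.get("san_dns") or [cert["subject_cn"]]
    return {name: any(_match(c, name) for c in candidates) for name in dialled}


# Names a client could use to reach the same server (from the thread).
DIALLED = ["server.mydomain.local", "ldap.mydomain.com", "server"]

# Option 1: single-name certificate issued to the external name only.
SINGLE = {"subject_cn": "ldap.mydomain.com", "san_dns": []}
# Option 2: multi-name certificate with NetBIOS, internal and external names.
MULTI = {"subject_cn": "server.mydomain.local",
         "san_dns": ["server", "server.mydomain.local", "ldap.mydomain.com"]}
# A wildcard for the public zone does not cover the .local name.
WILDCARD = {"subject_cn": "*.mydomain.com", "san_dns": ["*.mydomain.com"]}

if __name__ == "__main__":
    for label, cert in (("single", SINGLE), ("multi", MULTI),
                        ("wildcard", WILDCARD)):
        print(label, accepted_names(cert, DIALLED))
```

Publicly trusted CAs no longer issue certificates for internal names such as `.local` or single-label hosts, so a certificate like option 2 would today come from a private CA that the external clients are configured to trust.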
