RE: LDAP SSL using 3rd party certs

2010-09-24 Thread Brian Desmond
Yes you can use the third party certs - I do it all the time.

http://support.microsoft.com/kb/321051

Thanks,
Brian Desmond
br...@briandesmond.com

c   - 312.731.3132

From: Oliver Marshall [mailto:oliver.marsh...@g2support.com]
Sent: Friday, September 24, 2010 4:27 AM
To: NT System Admin Issues
Subject: LDAP SSL using 3rd party certs

Does anyone know if it's possible to secure LDAP without using a CA install on 
the network?

For various reasons (mainly down to the remote web servers of which we don't 
appear to have any control) we can't use a CA and install our own root certs, 
but need to find a way to secure LDAP authentication over the web without 
anything being required to be installed on the remote server doing the checking 
of user details.

Any ideas?

Olly





Network Support
Online Backups
Server Management

Tel: 0845 307 3443
Email: oliver.marsh...@g2support.com
Web: http://www.g2support.com
Twitter: g2support
Newsletter: http://www.g2support.com/newsletter
Mail: 2 Roundhill Road, Brighton, Sussex, BN2 3RF

Have you said something nice about us to a friend or colleague ?
Let us say thanks. Find out more at 
www.g2support.com/referral

G2 Support LLP is registered at Mill House, 103 Holmes Avenue, HOVE
BN3 7LE. Our registered company number is OC316341.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


RE: LDAP SSL using 3rd party certs

2010-09-24 Thread Ken Schaefer
Hmm - I don't know of any specific OID for LDAP - I'm assuming that it would 
just be the server authentication OID, which is included in any 3rd party CA 
offering.
Possibly most people don't expose LDAPS over the internet?

Cheers
Ken

From: Oliver Marshall [mailto:oliver.marsh...@g2support.com]
Sent: Friday, 24 September 2010 6:09 PM
To: NT System Admin Issues
Subject: RE: LDAP SSL using 3rd party certs

So the next question is, why do all the instructions include setting up a CA? 
Humpf.


--
G2 Support
Network Support : Online Backups : Server Management

Web: www.g2support.com
Twitter: g2support
Newsletter: www.g2support.com/newsletter

From: Ken Schaefer [mailto:k...@adopenstatic.com]
Sent: 24 September 2010 10:52
To: NT System Admin Issues
Subject: RE: LDAP SSL using 3rd party certs

SSL/TLS just relies on a commonly trusted party (i.e. trusted by the client, 
and by the server). That trusted party "signs" the certificate(s). Since both 
parties "trust" the trusted party, both parties have access to the necessary 
public key that can verify the signature on the presented certificate.

So, bottom line, the answer to your question is "yes"

Cheers
Ken

From: Oliver Marshall [mailto:oliver.marsh...@g2support.com]
Sent: Friday, 24 September 2010 5:27 PM
To: NT System Admin Issues
Subject: LDAP SSL using 3rd party certs

Does anyone know if it's possible to secure LDAP without using a CA install on 
the network?

For various reasons (mainly down to the remote web servers of which we don't 
appear to have any control) we can't use a CA and install our own root certs, 
but need to find a way to secure LDAP authentication over the web without 
anything being required to be installed on the remote server doing the checking 
of user details.

Any ideas?

Olly
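
Added example (not part of the original thread or of the linked KB article): a PowerShell check, run on the domain controller, that reports which certificates in the local computer's Personal store look usable for LDAPS with a third-party certificate. It tests for a private key, the Server Authentication EKU mentioned above, the DC's FQDN in the subject CN or SAN, validity dates and a chain the DC itself trusts; the way `$fqdn` is derived is an assumption about how clients address the DC.

```powershell
# Added example, not from the thread. Run on the domain controller.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
# Assumption: the name LDAPS clients connect to is the DC's own FQDN.
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
# Match the FQDN as a whole name, not as a substring of a longer host name.
$namePattern = '(?<![\w.-])' + [regex]::Escape($fqdn) + '(?![\w.-])'

Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_
    $now  = Get-Date

    # OIDs listed in the Enhanced Key Usage extension (empty if it is absent).
    $ekuOids = @($cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })

    # Subject CN, plus the Subject Alternative Name extension rendered as text.
    $cn = $cert.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sanText = if ($san) { $san.Format($false) } else { '' }

    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        HasPrivateKey = $cert.HasPrivateKey
        ServerAuthEku = $ekuOids -contains $serverAuthOid
        NameMatchesDC = ($cn -eq $fqdn) -or ($sanText -match $namePattern)
        InValidity    = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
        # Chain validation against this machine's trust store only; every
        # LDAPS client must trust the issuing CA as well.
        ChainTrusted  = $cert.Verify()
    }
} | Format-Table -AutoSize
```

A certificate is a candidate only when every column is True; the ChainTrusted column says nothing about the remote web server, which has to trust the same issuing CA for the TLS handshake to succeed.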



RE: LDAP SSL using 3rd party certs

2010-09-24 Thread Ken Schaefer
SSL/TLS just relies on a commonly trusted party (i.e. trusted by the client, 
and by the server). That trusted party "signs" the certificate(s). Since both 
parties "trust" the trusted party, both parties have access to the necessary 
public key that can verify the signature on the presented certificate.

So, bottom line, the answer to your question is "yes"

Cheers
Ken

From: Oliver Marshall [mailto:oliver.marsh...@g2support.com]
Sent: Friday, 24 September 2010 5:27 PM
To: NT System Admin Issues
Subject: LDAP SSL using 3rd party certs

Does anyone know if it's possible to secure LDAP without using a CA install on 
the network?

For various reasons (mainly down to the remote web servers of which we don't 
appear to have any control) we can't use a CA and install our own root certs, 
but need to find a way to secure LDAP authentication over the web without 
anything being required to be installed on the remote server doing the checking 
of user details.

Any ideas?

Olly



LDAP SSL using 3rd party certs

2010-09-24 Thread Oliver Marshall
Does anyone know if it's possible to secure LDAP without using a CA install on 
the network?

For various reasons (mainly down to the remote web servers of which we don't 
appear to have any control) we can't use a CA and install our own root certs, 
but need to find a way to secure LDAP authentication over the web without 
anything being required to be installed on the remote server doing the checking 
of user details.

Any ideas?

Olly
