How to Enable LDAP over TLS on a SonicWall without a Certificate Authority (CA)
1. Log into the domain controller you wish to use for LDAP authentication and create a self-signed
certificate by opening PowerShell as an administrator and running the command below, where
dc-name. is the FQDN of the domain controller you are authenticating to. This
certificate will be good for 10 years. Modify the AddYears parameter to change the number of years.
Please note, the command is one continuous string. If you are going to copy
and paste, I recommend doing so into Notepad first before pasting into PowerShell.
a. New-SelfSignedCertificate -Subject dc-name. -HashAlgorithm SHA1 -KeyUsage KeyEncipherment,DataEncipherment -KeyUsageProperty All -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.1") -NotAfter (Get-Date).AddYears(10)
2. Open the Microsoft Management Console (mmc.exe) and click File > Add/Remove Snap-in, add
Certificates to the Console Root, and tick Computer account. Click Next, Finish, and OK.
3. Expand Certificates (Local Computer), expand Personal if it is not already and click Certificates.
Right-click the certificate (should be the same name as what you created in Step 1) and click
Properties. Click the Extended Validation tab and type the following sequence, without quotes, into
the Add OID field: "1.3.6.1.5.5.7.3.1". Click the "Add OID" button, click Apply, and click OK.
4. Right-click this newly-modified certificate and click Copy. Right-click "Trusted Root Certification
Authorities" and click Paste.
5. Make sure you are back in the Personal store. Right-click your certificate, click All Tasks, and click
Export. The Certificate Export Wizard will open. Click Next. Make sure "No, do not export the private
key" is ticked and click Next. Make sure "DER encoded binary X.509 (.CER)" is ticked and click Next.
Click Browse and choose a file location that will be accessible by the SonicWall. In the File Name
field, type in a name that is meaningful, such as the name of the exported certificate, but do not use
dots in the name or the .cer extension won't get added (e.g. dc-name_mydomain_com). Click Save,
click Next, and then click Finish. A window should open stating "The export was successful". Click
OK. Close the MMC window. Click No when prompted to save. You can wait for the certificate store
to refresh (can take up to 8 hours) or you can reboot the domain controller.
6. After the certificate store has refreshed, browse to the management interface of the SonicWall UTM
device. After you have authenticated, browse to System > Certificates. Tick "Imported certificates
and requests" and click the Import button. Tick the "Import a CA certificate from a PKCS#7 (.p7b),
PEM (.pem) or DER (.der or .cer) encoded file" button and click Browse. Navigate to the file location
in Step 5, select the certificate name, click Open, and click Import. Verify that the certificate has
imported.
7. Click Users > Settings, change User authentication method to "LDAP + Local Users" and configure
the SonicWall as you normally would for this section (if you need help with this, check other
Spiceworks discussions). In the Settings tab, the "Name or IP address" field should be the FQDN of
the DC you are using for LDAP authentication. Tick "Use TLS (SSL)" and untick "Require valid
certificate from server". Ignore any warnings and click Apply. After you have fully configured this
section, click the Test tab, type in a valid domain user account in the User field and the password for
this account. Click Test. In the "Test Status" field, you should get the response "LDAP authentication
succeeded". Click Apply and OK.
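
An added check, not part of the original guide: with "Require valid certificate from server" unticked in Step 7, the SonicWall test does not show which certificate the domain controller presents, so this PowerShell script, run on the domain controller, confirms that the Step 1 certificate is in both stores, carries the Server Authentication OID, and is the one served to LDAP clients over TLS. The -Fqdn parameter and port 636 (the default LDAPS port) are assumptions; pass the FQDN you used for -Subject.

```powershell
# Added example: verify the self-signed LDAP-over-TLS certificate on the DC.
param(
    [Parameter(Mandatory)][string]$Fqdn,   # assumption: same FQDN as -Subject in Step 1
    [int]$Port = 636                       # assumption: LDAPS on its default port
)
$serverAuthOid = '1.3.6.1.5.5.7.3.1'       # Server Authentication EKU from Steps 1 and 3

# Newest certificate in the Personal store whose subject is CN=<FQDN>.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq "CN=$Fqdn" } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No certificate with subject CN=$Fqdn in LocalMachine\My" }

# Step 4: the same certificate must also be in Trusted Root Certification Authorities.
$inRoot = [bool](Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object Thumbprint -eq $cert.Thumbprint)

# Ask the LDAP TLS listener which certificate it presents. The callback accepts
# any certificate because the goal is to inspect it, not to trust it.
$acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
$tcp = $null
$presented = $null
try {
    $tcp = [System.Net.Sockets.TcpClient]::new($Fqdn, $Port)
    $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $acceptAny)
    $ssl.AuthenticateAsClient($Fqdn)
    $presented = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
        $ssl.RemoteCertificate)
} catch {
    # Expected until the certificate store has refreshed or the DC has rebooted (Step 5).
    Write-Warning "TLS handshake on ${Fqdn}:$Port failed: $($_.Exception.Message)"
} finally {
    if ($tcp) { $tcp.Dispose() }
}

[pscustomobject]@{
    Thumbprint     = $cert.Thumbprint
    HasPrivateKey  = $cert.HasPrivateKey
    ServerAuthEku  = $cert.EnhancedKeyUsageList.ObjectId -contains $serverAuthOid
    SignatureAlg   = $cert.SignatureAlgorithm.FriendlyName
    NotAfter       = $cert.NotAfter
    InTrustedRoot  = $inRoot
    ServedOverTls  = ($null -ne $presented) -and ($presented.Thumbprint -eq $cert.Thumbprint)
}
```

If ServedOverTls is False after the store refresh, the domain controller is presenting a different certificate than the one exported in Step 5.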