KB9980 - Configuring Windows 2003 Server and the PCS for LDAPS

Last Modified Date: 1/19/2016 3:36 PM
A step-by-step "HOW TO" on setting up Windows 2003 Server to accept LDAPS for authentication
Problem or Goal
Windows 2003 Server will not accept LDAPS authentication requests if a suitable certificate is not installed.

Step 1: On the Windows 2003 Server, create the following text file and save it as request.inf:

;----------------- request.inf -----------------

[Version]

Signature="$Windows NT$"

[NewRequest]

Subject = "CN=<FQDN of the DC>" ; replace with the FQDN of the DC
KeySpec = 1
KeyLength = 1024
; Can be 1024, 2048, 4096, 8192, or 16384.
; Larger key sizes are more secure, but have
; a greater impact on performance.
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0

[EnhancedKeyUsageExtension]

OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication

    note: the template's 1024-bit key is below what current guidance treats as adequate for RSA; set KeyLength = 2048 or larger unless there is a compatibility reason not to. The [Version], [NewRequest] and [EnhancedKeyUsageExtension] section headers are required by certreq and the OID shown is the standard Server Authentication extended key usage.


Step 2: Within the .inf file, replace the CN in the Subject line with your Domain Controller's FQDN.
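Before the CSR is generated in the next step, the edited request.inf can be checked for the settings that matter for LDAPS: a real FQDN in the Subject rather than the placeholder, the Server Authentication EKU, the 0xa0 key usage and an adequate key length. The following Python script is an added example and is not part of this KB or of the PCS product; the sample .inf, the DC name dc01.example.com and the 2048-bit minimum are constructed assumptions.

```python
import configparser

SERVER_AUTH_OID = "1.3.6.1.5.5.7.3.1"  # id-kp-serverAuth, the EKU an LDAPS certificate needs
KU_REQUIRED = 0xa0                      # digitalSignature (0x80) | keyEncipherment (0x20)
MIN_KEY_LENGTH = 2048                   # assumed policy minimum; the KB template uses 1024

# Constructed sample: the KB template before Step 2, with the placeholder subject still in place.
SAMPLE_INF = """[Version]
Signature="$Windows NT$"
[NewRequest]
Subject = "CN=<FQDN of the DC>" ; replace with the FQDN of the DC
KeyLength = 1024
MachineKeySet = TRUE
KeyUsage = 0xa0
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication
"""

def parse_inf(text):
    """Parse certreq .inf syntax: [Section] headers, Key = Value lines, ';' comments."""
    cp = configparser.ConfigParser(interpolation=None, comment_prefixes=(";",),
                                   inline_comment_prefixes=(";",))
    cp.optionxform = str  # keep key names exactly as written (KeyLength, not keylength)
    cp.read_string(text)
    return cp

def check_request_inf(text, expected_fqdn):
    """Return a list of findings; an empty list means the file is ready for certreq -new."""
    findings = []
    cp = parse_inf(text)
    if cp.get("Version", "Signature", fallback="").strip('"') != "$Windows NT$":
        findings.append('[Version] Signature must be "$Windows NT$"')
    if not cp.has_section("NewRequest"):
        return findings + ["missing [NewRequest] section"]
    req = cp["NewRequest"]
    subject = req.get("Subject", "").strip('"')
    cn = subject[3:] if subject.upper().startswith("CN=") else ""
    if not cn or "<" in cn or cn.lower() != expected_fqdn.lower():
        findings.append(f"Subject CN must be the DC FQDN {expected_fqdn!r}, got {subject!r}")
    if int(req.get("KeyLength", "0")) < MIN_KEY_LENGTH:
        findings.append(f"KeyLength {req.get('KeyLength')} is below {MIN_KEY_LENGTH}")
    if (int(req.get("KeyUsage", "0"), 16) & KU_REQUIRED) != KU_REQUIRED:
        findings.append("KeyUsage must include digitalSignature and keyEncipherment (0xa0)")
    oids = [o.strip() for o in cp.get("EnhancedKeyUsageExtension", "OID", fallback="").split(",")]
    if SERVER_AUTH_OID not in oids:
        findings.append(f"EnhancedKeyUsageExtension OID must include {SERVER_AUTH_OID}")
    return findings
```

Running check_request_inf on the sample reports the placeholder Subject and the 1024-bit key; once both are corrected it returns an empty list.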


Step 3: Open a command prompt window (Start > Run > cmd) and change to the directory where the .inf file is saved. Once there, type the following:

certreq -new request.inf request.req


The .req file is the Base64-encoded CSR that will be submitted to the Certificate Authority on the Domain Controller.

Step 4: Submit the .req file. Although the Certificate Authority snap-in for MMC can be used to submit the .req, this article uses the WebUI.

  • Log in to the Certificate Server.
  • Select Request a Certificate.
  • Select Advanced Certificate Request.
  • Select Submit a certificate request by using a base-64 encoded CMC or PKCS#10 file...
  • Using Notepad or a similar text editor, open the .req file. Select and copy the contents of the file.
  • Paste the copied contents of the .req file into the Base-64 encoded certificate request window displayed on the WebUI of the Certificate Server.

    note: Web Server is selected in the Certificate Template section since it covers "Server Authentication", which is the primary focus. Domain Controller and Computer (the other selectable options) also cover Server Authentication. This selection is not strictly necessary for this example since the original .inf already defined the purpose; see the EnhancedKeyUsageExtension section of the original file.


Step 5: Download and save the certificate in Base 64 encoded format.


Step 6: Open a command prompt window (Start > Run > cmd) and change to the directory where the certificate is saved. Accept the certificate with the following command:

certreq -accept certnew.cer


Step 7: The certificate should now be in the local computer's Personal store. To verify:

  • Select Start > Run.
  • Type MMC.
  • Go to File and click Add/Remove Snap-in.
  • Add the Certificates snap-in for the local computer account.
  • Select the Personal store; the certificate should be listed there.


Step 8: Reboot the Domain Controller.


Step 9: Once the Domain Controller is back up and running, export the CA certificate.

  • Log in to the Certificate Server and select Download a CA certificate.
  • Select the CA certificate to download, then click Download CA Certificate.
  • Save the certificate to the Windows 2003 Server.

Step 10: Import the CA certificate into the Trusted Server CAs on the PCS.

  • From the PCS WebUI, select Configuration > Certificates > Trusted Server CAs.
  • Enter the path to the .cer file, then click Import Certificate.
  • The new CA certificate will appear in the list of Trusted Server CAs.




Step 11: From the PCS WebUI, select Auth. Servers, open the LDAP server, change the connection type to LDAPS and the access port to 636, then save changes. LDAPS should now be working.

Created By: Data Deployment