{"id":4936,"date":"2020-10-15T03:44:23","date_gmt":"2020-10-15T03:44:23","guid":{"rendered":"https:\/\/pariswells.com\/blog\/?p=4936"},"modified":"2020-12-15T03:44:43","modified_gmt":"2020-12-15T03:44:43","slug":"enabling-ldaps-on-windows-core-dcs-using-enterprise-ca","status":"publish","type":"post","link":"https:\/\/pariswells.com\/blog\/research\/enabling-ldaps-on-windows-core-dcs-using-enterprise-ca","title":{"rendered":"Enabling LDAPS on Windows Core DCs using Enterprise CA"},"content":{"rendered":"<p># Example .inf file:<\/p><p>[Version]<\/p><p>Signature=&#8221;$Windows NT$&#8221;<\/p><p>&nbsp;<\/p><p>[NewRequest]<\/p><p>Subject = &#8220;CN=dcname.domain.com.au&#8221;<\/p><p>KeySpec = 1<\/p><p>KeyLength = 2048<\/p><p>Exportable = TRUE ; private key can be exported from the DC - set FALSE unless export is required<\/p><p>MachineKeySet = TRUE<\/p><p>SMIME = FALSE<\/p><p>PrivateKeyArchive = FALSE<\/p><p>UserProtected = FALSE<\/p><p>UseExistingKeySet = FALSE<\/p><p>ProviderName = &#8220;Microsoft RSA SChannel Cryptographic Provider&#8221;<\/p><p>ProviderType = 12<\/p><p>RequestType = PKCS10<\/p><p>KeyUsage = 0xa0<\/p><p>&nbsp;<\/p><p>[EnhancedKeyUsageExtension]<\/p><p>OID = 1.3.6.1.5.5.7.3.1 ; Server Authentication<\/p><p>&nbsp;<\/p><p># Create CSR<\/p><p>certreq -new C:\\temp\\cert.inf c:\\temp\\csr.csr<\/p><p># Issue cert on CA<\/p><p>certreq -submit -attrib &#8220;CertificateTemplate:2016KerberosAuthentication&#8221; &#8220;C:\\Users\\matt.soltau\\Desktop\\csr.csr&#8221;<\/p><p>&#8211; Copy cert.cer from CA to DC<\/p><p># Accept cert on DC<\/p><p>certreq -accept c:\\temp\\cert.cer<\/p><p># Copy Cert from Personal store to ADDS service<\/p><p># Find Thumbprint (PowerShell)<\/p><p>&gt; Cd Cert:\\LocalMachine\\My\\<\/p><p>&gt; Get-ChildItem<\/p><p>Copy-Item &#8220;HKLM:\\SOFTWARE\\Microsoft\\SystemCertificates\\MY\\Certificates\\&lt;Thumbprint&gt;&#8221; &#8220;HKLM:\\SOFTWARE\\Microsoft\\Cryptography\\Services\\NTDS\\SystemCertificates\\MY\\Certificates\\&#8221;<\/p>","protected":false},"excerpt":{"rendered":"<p># Example .inf 
file:[Version]Signature=&#8221;$Windows NT$&#8221;&nbsp;[NewRequest]Subject = &#8220;CN=dcname.domain.com.au&#8221;KeySpec = 1KeyLength = 2048Exportable = TRUEMachineKeySet = TRUESMIME = FALSEPrivateKeyArchive = FALSEUserProtected = FALSEUseExistingKeySet = FALSEProviderName = &#8220;Microsoft RSA SChannel [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-4936","post","type-post","status-publish","format-standard","hentry","category-research"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/4936","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/comments?post=4936"}],"version-history":[{"count":1,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/4936\/revisions"}],"predecessor-version":[{"id":4937,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/4936\/revisions\/4937"}],"wp:attachment":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/media?parent=4936"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/categories?post=4936"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/tags?post=4936"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}