To enable SSL-secured LDAP communication between HCP and AD, you need to create an SSL certificate on every domain controller in AD that communicates with HCP. Installing a valid certificate on a domain controller automatically enables SSL connections for both LDAP and global catalog traffic.
If you don’t want to secure communication, skip this step.
To create the SSL certificate:
1. On the Windows server, click Start.
2. In the Search programs and files field, enter: mmc
The Console1 - [Console Root] window opens.
3. On the File menu, select Add/Remove Snap-in.
The Add or Remove Snap-ins window opens.
4. In the Available snap-ins list, select Certificates. Then click Add.
The Certificates snap-in window opens.
5. Select Computer account. Then click Next.
The Select Computer window opens.
6. Click Finish.
Certificates (Local Computer) appears in the Selected snap-ins list in the Add or Remove Snap-ins window.
7. Click OK.
8. In the tree view in the left panel of the Console1 - [Console Root] window, expand Certificates (Local Computer) ► Personal. Then select Certificates.
The middle panel in the window lists information about the CA root certificate.
Note: The CA root certificate is only shown on the Domain Controller where the CA service is installed.
9. On the Action menu, select All Tasks ► Request New Certificate.
The Certificate Enrollment window opens.
10. Click Next.
The Select Certificate Enrollment Policy page appears.
11. Click Next.
The Request Certificates page appears.
12. Select Domain Controller. Then click Enroll.
The Certificates Installation Results page appears.
13. Click Finish.
The Certificates list now includes the SSL certificate for LDAP communication. The value in the Issued To column for this certificate is the concatenation of the computer name and the FQDN of the AD domain (for example, WIN-AD-SERVER.example.local).
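To confirm the result on the domain controller itself, the following added example (not part of the original documentation) lists the certificates in the Local Computer Personal store and then attempts a TLS handshake on the standard LDAPS (636) and global catalog over SSL (3269) ports. It assumes Windows PowerShell 3.0 or later in an elevated session on the domain controller; the function name Test-LdapsPort is hypothetical.

```powershell
# Added example: run in an elevated PowerShell session on the domain controller.
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName   # e.g. WIN-AD-SERVER.example.local
$serverAuthOid = '1.3.6.1.5.5.7.3.1'                                 # Server Authentication EKU

# 1. Inspect the Local Computer > Personal store. A certificate is usable for
#    LDAPS when it has a private key, carries the Server Authentication EKU,
#    is not expired, and names this domain controller's FQDN.
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $names = @($_.GetNameInfo('DnsName', $false)) + @($_.DnsNameList.Unicode)
    [pscustomobject]@{
        Thumbprint    = $_.Thumbprint
        Subject       = $_.Subject
        NotAfter      = $_.NotAfter
        HasPrivateKey = $_.HasPrivateKey
        ServerAuth    = $_.EnhancedKeyUsageList.ObjectId -contains $serverAuthOid
        MatchesFqdn   = $names -contains $fqdn
    }
} | Format-Table -AutoSize

# 2. Attempt a TLS handshake against a port and report the certificate served.
function Test-LdapsPort {
    param([string]$HostName, [int]$Port)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        # Default validation: the chain must be trusted and the name must match $HostName.
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        [pscustomobject]@{ Port = $Port; Tls = $true; Subject = $cert.Subject
                           NotAfter = $cert.NotAfter; Error = $null }
    } catch {
        # Connection refused, untrusted chain, or name mismatch all land here.
        [pscustomobject]@{ Port = $Port; Tls = $false; Subject = $null
                           NotAfter = $null; Error = $_.Exception.Message }
    } finally {
        $client.Close()
    }
}

# 636 = LDAP over SSL, 3269 = global catalog over SSL
636, 3269 | ForEach-Object { Test-LdapsPort -HostName $fqdn -Port $_ } | Format-List
```

A `Tls = False` result with a certificate validation error usually means the client does not trust the issuing CA or the name in the certificate does not match the host name used to connect.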
© 2015, 2020 Hitachi Vantara LLC. All rights reserved.