Step 1 (conditional): Create the SSL certificate

If you want to enable SSL secured LDAP communication between HCP and AD, you need to create an SSL certificate on each domain controller in AD used by HCP. Installing a valid certificate on a domain controller automatically enables SSL connections for both LDAP and global catalog traffic.

If you don’t want to secure communication, skip this step.

If you want to create SSL certificates for communication between HCP and AD, you need to create a certificate on every domain controller that communicates with HCP.

To create the SSL certificate:

1. On the Windows server, click on the Start button.

2. In the Search programs and files field, enter: mmc

The Console1 - [Console Root] window opens.

3. On the File menu, select Add/Remove Snap-in.

The Add or Remove Snap-ins window opens.

4. In the Available snap-ins list, select Certificates. Then click on the Add button.

The Certificates snap-in window opens.

5. Select Computer account. Then click on the Next button.

The Select Computer window opens.

6. Click on the Finish button.

Certificates (Local Computer) appears in the Selected snap-ins list in the Add or Remove Snap-ins window.

7. Click on the OK button.

8. In the tree view in the left panel of the Console1 - [Console Root] window, expand Certificates (Local Computer) > Personal. Then select Certificates.

The middle panel in the window lists information about the CA root certificate.

Note: The CA root certificate is only shown on the Domain Controller where the CA service is installed.

9. On the Action menu, select All Tasks > Request New Certificate.

The Certificate Enrollment window opens.

10. Click on the Next button.

The Select Certificate Enrollment Policy page appears.

11. Click on the Next button.

The Request Certificates page appears.

12. Select Domain Controller. Then click on the Enroll button.

The Certificates Installation Results page appears.

13. Click on the Finish button.

The Certificates list now includes the SSL certificate for LDAP communication. The value in the Issued To column for this certificate is the concatenation of the computer name and the FQDN of the AD domain (for example, WIN-AD-SERVER.example.local).
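The following PowerShell script is an added verification step, not part of the HCP documentation: run on the domain controller after step 13, it checks that a valid server-authentication certificate for this host exists in the computer's Personal store and that the LDAP service actually presents it on port 636. It assumes the enrolled Domain Controller certificate carries the Server Authentication EKU (as the Domain Controller template does) and that the host's FQDN resolves locally.

```powershell
# Added verification script (not part of the HCP documentation): confirm the
# enrolled certificate is usable for LDAPS and is the one offered on port 636.
# $DcFqdn is assumed to be this machine's FQDN (the docs use
# WIN-AD-SERVER.example.local as an example value).
$DcFqdn = ([System.Net.Dns]::GetHostEntry($env:COMPUTERNAME)).HostName

# 1. Find certificates in LocalMachine\My with the Server Authentication EKU
#    (1.3.6.1.5.5.7.3.1), a private key, a current validity period and a
#    subject or SAN naming this host.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'
$now = Get-Date
$candidates = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.HasPrivateKey -and
    $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
    ($_.EnhancedKeyUsageList.ObjectId -contains $serverAuthOid) -and
    ($_.Subject -like "*CN=$DcFqdn*" -or $_.DnsNameList.Unicode -contains $DcFqdn)
}

if (-not $candidates) {
    Write-Warning "No valid server-authentication certificate for $DcFqdn in LocalMachine\My."
    return
}
$candidates | Format-Table Subject, Issuer, NotAfter, Thumbprint -AutoSize

# 2. Open a TLS connection to port 636 and compare the certificate the LDAP
#    service presents with the one found in the store.
$client = New-Object System.Net.Sockets.TcpClient($DcFqdn, 636)
try {
    # The callback accepts any chain so the handshake completes; the
    # certificate is inspected explicitly below instead of being trusted.
    $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, { $true })
    $ssl.AuthenticateAsClient($DcFqdn)
    $offered = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    "LDAPS offered certificate: $($offered.Subject) ($($offered.Thumbprint))"
    "Protocol negotiated:       $($ssl.SslProtocol)"
    if ($candidates.Thumbprint -contains $offered.Thumbprint) {
        'OK: the enrolled Domain Controller certificate is in use for LDAPS.'
    } else {
        Write-Warning 'Port 636 answers, but with a certificate other than the one found in the store.'
    }
} finally {
    $client.Close()
}
```

If the store check passes but the TLS handshake fails, the LDAP service has not yet picked up the new certificate; the documentation's statement that installing the certificate enables SSL automatically still holds, but the service may need a restart or a short wait before it offers it.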


© 2016 Hitachi Data Systems Corporation. All rights reserved.