While searching for how to enable LDAP over SSL with Active Directory on Windows 2003, I found this, which describes how to configure Automatic Certificate Requests for Domain Controllers. This turned out to be a very easy way for Domain Controllers to automatically get certificates issued and start using SSL for AD. First set up a Microsoft Certificate Authority, then do the following:
1. Click Start, select Administrative Tools and click Domain Controller Security Policy.
2. In the Default Domain Controller Security Settings window, click the Public Key Policies folder.
3. Right click Automatic Certificate Request Settings, select New and click Automatic Certificate Request.
4. Click Next in the Automatic Certificate Request Setup Wizard.
5. Select Domain Controller in the Certificate Template page and click Next.
6. Click Finish and reboot your server.
7. Check whether the automatic certificate request worked by opening the Certificate Authority console (Start > Administrative Tools) and looking in the Issued Certificates folder for your server.
Note that when connecting to AD over LDAPS, use port 636 and the server's name (the name contained in the certificate); the IP address of the server did not work for me.
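To confirm step 7 from the client side, and to see why the name in the certificate matters, here is an added example (not code from the original post): it opens a verified TLS session to port 636 and sends a hand-encoded anonymous LDAPv3 bind, returning the server's resultCode. The server name, the CA file path and the helper names are assumptions.

```python
import socket
import ssl

def ber_len(n: int) -> bytes:
    """Encode a BER length in short form (<128) or long form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def bind_request(msg_id: int = 1) -> bytes:
    """Hand-encode an LDAPv3 anonymous simple BindRequest (RFC 4511 section 4.2)."""
    bind = b"\x02\x01\x03" + b"\x04\x00" + b"\x80\x00"  # version 3, name "", simple ""
    op = b"\x60" + ber_len(len(bind)) + bind           # [APPLICATION 0] BindRequest
    body = b"\x02\x01" + bytes([msg_id]) + op          # single-byte messageID, then op
    return b"\x30" + ber_len(len(body)) + body         # LDAPMessage SEQUENCE

def _tlv(buf: bytes, pos: int = 0):
    """Decode one BER tag-length-value at pos; return (tag, value, next position)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, pos = first, pos + 2
    else:
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n
    return tag, buf[pos:pos + length], pos + length

def parse_bind_result(msg: bytes) -> int:
    """Return the resultCode of a BindResponse (0 = success, 49 = invalidCredentials)."""
    tag, body, _ = _tlv(msg)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = _tlv(body)            # skip messageID
    tag, op, _ = _tlv(body, pos)
    if tag != 0x61:                   # [APPLICATION 1] BindResponse
        raise ValueError("not a BindResponse")
    _, code, _ = _tlv(op)             # ENUMERATED resultCode comes first
    return int.from_bytes(code, "big")

def check_ldaps(server: str, port: int = 636, cafile=None) -> int:
    """Verified TLS to the DC, then anonymous bind; returns the resultCode.
    The default context checks the chain and that `server` matches the certificate,
    so connecting by IP address fails with ssl.SSLCertVerificationError instead."""
    ctx = ssl.create_default_context(cafile=cafile)  # cafile: your CA root (assumed)
    with socket.create_connection((server, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=server) as tls:
            tls.sendall(bind_request())
            return parse_bind_result(tls.recv(4096))
```

Call `check_ldaps("dc01.example.local", cafile="ca-root.pem")` with your own DC name and CA certificate; a result of 0 means the TLS handshake, name check and bind all succeeded.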
References:
Enable LDAP SSL with Active Directory in Windows 2003
http://www.linuxmail.info/enable-ldap-ssl-active-directory/
How to enable LDAP over SSL with a third-party certification authority
http://support.microsoft.com/default.aspx?scid=kb;en-us;321051
How To Enable Secure Socket Layer (SSL) Communication over LDAP for Windows 2000 Domain Controllers
http://support.microsoft.com/kb/247078