Focus on Microsoft
Re: NTFS default special permissions Sep 05 2007 03:43PM
Megan Kielman (megan kielman gmail com) (2 replies)
Authenticating with TLS against Active Directory Sep 06 2007 01:38PM
James D. Stallard (james leafgrove com) (4 replies)
RE: Authenticating with TLS against Active Directory Sep 10 2007 04:46PM
James D. Stallard (james leafgrove com)
Thank you for your answers, this is what I did:

. Download the MS ISS6.0 Resource Kit.
. Install (using custom install) SelfSSL on the machine you wish to generate
the Self-Signed Certificate for (I used DC01.ad.local).
. Run the command: "selfssl /N:CN=DC01.ad.local /K:1024 /V:1825 /S:1
/P:443". Research the command FIRST if you're running this on an IIS Server.
. Ignore the message "Error opening metabase: 0x80040154" - which appears if
IIS isn't installed.
. Using the Certificates MMC snap-in (configured for the local Computer
Account), go to Personal\Certificates and export the public key. We needed
Base64 encoding for our linux app.
. Import the newly created .CER file into whatever app needs to authenticate
on the Active Directory and point the app to the server that has the
certificate installed (in this case DC01.ad.local).

Don't forget to backup the private key!

Keep in mind that this is a 5 year cert (/v:1825) and will only authenticate
against the specified Domain Controller (DC01.ad.local). It's vastly
preferred to do a proper PKI design, but this solves the issue while we
decide on whether PKI is for us.

Cheers

James

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On
Behalf Of James D. Stallard
Sent: 06 September 2007 14:39
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Authenticating with TLS against Active Directory

I have a Windows Server 2003 R2 Active Directory and a Linux box running an
application (called Collage) whose users I would like to authenticate
against the AD. The application only supports TLS, so I need a certificate.
However, I do not have the time on this job to properly design and deploy
PKI, so I'm looking for a one-off solution.

My questions are therefore:

. If I create a self-signed certificate (using SelfSSL.EXE from the IIS
reskit), install it on a Domain Controller and export it, can I use that to
authenticate my Linux application?
. Is there a better way of achieving the same goal?

Thanks in advance
Cheers

James

James D. Stallard CITP
Chief Technical Architect
Leafgrove Limited
Web: www.leafgrove.com
LinkedIn: www.linkedin.com/in/jamesdstallard

[ reply ]
Re: Authenticating with TLS against Active Directory Sep 06 2007 04:23PM
Christoph Gruber (list guru at)
Re: Authenticating with TLS against Active Directory Sep 06 2007 04:11PM
ManInWhite (maninwhite tpg com au)
RE: Authenticating with TLS against Active Directory Sep 06 2007 03:14PM
Depp, Dennis M. (deppdm ornl gov)
Re: NTFS default special permissions Sep 05 2007 04:00PM
Ansgar -59cobalt- Wiechers (bugtraq planetcobalt net)


 

Privacy Statement
Copyright 2010, SecurityFocus