Configuring a DC to be reachable over LDAP SSL (LDAPS)

The information below is taken from this TechNet article: http://support.microsoft.com/kb/321051

1)   Create a certificate request file "Request.INF".


;----------------- request.inf -----------------
[Version]
Signature="$Windows NT$"

[NewRequest]
Subject = "CN=VotreServer.VotreDomaine.Extension" ; replace with the FQDN of the DC
KeySpec = 1
KeyLength = 1024
; Can be 1024, 2048, 4096, 8192, or 16384.
; Larger key sizes are more secure, but have
; a greater impact on performance.
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0

[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication

;-----------------------------------------------

2)   Generate the request.

certreq -new request.inf request.req

The generated request.req:


-----BEGIN NEW CERTIFICATE REQUEST-----
MIIDFzCCAoACAQAwIDEeMBwGA1UEAxMVRENHRE0yLmdkbS5ncm91cC5yb290MIGf
MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCgTt08vWDrWvdaWvVPJdgXBOAQl8Ey
HjhtXRPie2kfcM63yUGYmk0qeB6CHy2YWI3+E9Ig/IvndK5NXIsNGKmJcge0TOL+
2J7FB5/GHLzhm2dSFUMJExomWLhL9Q9Z2UBTOBAiB+iQy1DLdnnV3JmV+kuJy9Y2
5cFDzQQyGMIelQIDAQABoIIBtTAaBgorBgEEAYI3DQIDMQwWCjUuMi4zNzkwLjIw
RQYJKwYBBAGCNxUUMTgwNgIBAQwVRENHRE0yLmdkbS5ncm91cC5yb290DBFHRE1c
YWRtaW5pc3RyYXRvcgwHY2VydHJlcTBQBgkqhkiG9w0BCQ4xQzBBMB0GA1UdDgQW
BBSEuWb/duuM+e7navV4cNM2G4qCKzATBgNVHSUEDDAKBggrBgEFBQcDATALBgNV
HQ8EBAMCBaAwgf0GCisGAQQBgjcNAgIxge4wgesCAQEeWgBNAGkAYwByAG8AcwBv
AGYAdAAgAFIAUwBBACAAUwBDAGgAYQBuAG4AZQBsACAAQwByAHkAcAB0AG8AZwBy
AGEAcABoAGkAYwAgAFAAcgBvAHYAaQBkAGUAcgOBiQAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMA0GCSqGSIb3DQEBBQUAA4GBAEpX2ZFS
NrETLk7mRNHZTMP2UOi+TL0Eqhcfs0GS213xWE7BNDFEZhhQmu5SpG8u1gYKw7jl
SzgqZFv9RN+VLZ7pQaPuwA6AzXJ3JWkY1+6f6cMa2FI3lmVDl7sWJM2Wh/VJpNtm
WIl1Nq29qnI8vmPr+8Ob9rDQxKOmv9iDgC2T

-----END NEW CERTIFICATE REQUEST-----

3)   Approve (issue) the certificate on the CA.

4)   Retrieve the certificate file (.CER, Base64 encoded).


-----BEGIN CERTIFICATE-----
MIIE1jCCA76gAwIBAgIKYRdI0AAAAAAAAzANBgkqhkiG9w0BAQUFADBQMRQwEgYK
CZImiZPyLGQBGRYEcm9vdDEVMBMGCgmSJomT8ixkARkWBWdyb3VwMRMwEQYKCZIm
iZPyLGQBGRYDZ2RtMQwwCgYDVQQDEwNHRE0wHhcNMDcxMDI5MTQwMjQzWhcNMDgx
MDI5MTQxMjQzWjAgMR4wHAYDVQQDExVEQ0dETTIuZ2RtLmdyb3VwLnJvb3QwgZ8w
DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKBO3Ty9YOta91pa9U8l2BcE4BCXwTIe
OG1dE+J7aR9wzrfJQZiaTSp4HoIfLZhYjf4T0iD8i+d0rk1ciw0YqYlyB7RM4v7Y
nsUHn8YcvOGbZ1IVQwkTGiZYuEv1D1nZQFM4ECIH6JDLUMt2edXcmZX6S4nL1jbl
wUPNBDIYwh6VAgMBAAGjggJkMIICYDAdBgNVHQ4EFgQUhLlm/3brjPnu52r1eHDT
NhuKgiswEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMB8GA1UdIwQY
MBaAFOd9YtMj/f58m4um0KTBnjn+5HF3MIHwBgNVHR8EgegwgeUwgeKggd+ggdyG
gahsZGFwOi8vL0NOPUdETSxDTj1EQ0dETTIsQ049Q0RQLENOPVB1YmxpYyUyMEtl
eSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9Z3Jv
dXAsREM9cm9vdD9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jhc2U/b2JqZWN0
Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnSGL2h0dHA6Ly9kY2dkbTIuZ2RtLmdy
b3VwLnJvb3QvQ2VydEVucm9sbC9HRE0uY3JsMIIBBwYIKwYBBQUHAQEEgfowgfcw
gaEGCCsGAQUFBzAChoGUbGRhcDovLy9DTj1HRE0sQ049QUlBLENOPVB1YmxpYyUy
MEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9
Z3JvdXAsREM9cm9vdD9jQUNlcnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2Vy
dGlmaWNhdGlvbkF1dGhvcml0eTBRBggrBgEFBQcwAoZFaHR0cDovL2RjZ2RtMi5n
ZG0uZ3JvdXAucm9vdC9DZXJ0RW5yb2xsL0RDR0RNMi5nZG0uZ3JvdXAucm9vdF9H
RE0uY3J0MA0GCSqGSIb3DQEBBQUAA4IBAQCjHWFXqMnAr1IuAN/LkVrO0ePLi/WZ
pbaPS4CRnNeNLmGZJj9z6WVwJnYOEbdNtANeCY+aGz/M0OZ+Qpw1x+5N73bDEz2K
v4jTTLTKamjKEK9vzphYo6C5hJ9jtIMFcoerxDKg0UMLw4wwq60nNNQh6Q1dQs/P
7SzmY6iLXkgQfIBpUSrXN7L3uLmnrVFn3cpRbsYpgv009l3gT//YgWrRA2o1w93A
7kx5Mf1qXQjX4yNPFYAZEXm9Ud+uvnYdpL+SjEClG3M6ToHOFfbPvX+iWl3iKLze
fgzm1acxqBdwOatn90QxsDUhf4JGL4vogbSqBcnbMzVvwryZU9b0ui2G

-----END CERTIFICATE-----

5)   Install the certificate.

certreq -accept certnew.cer

6)   Check that the certificate is present.
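To carry out step 6, here is an added PowerShell check; it is not from the original note or from the TechNet article, and the function names are mine. It assumes it runs in an elevated session on the DC after "certreq -accept", that $DcFqdn (this host's FQDN by default) is the CN used in request.inf, and that port 636 is reachable from where it runs. It lists the certificates in the machine Personal store that a DC can actually use for LDAPS (private key present, Server Authentication EKU 1.3.6.1.5.5.7.3.1, DC FQDN as subject CN or SAN DNS name), flags keys shorter than 2048 bits (the request.inf above still asks for 1024, which is below today's usual minimum), then opens a TLS session to port 636 and reports which certificate the DC presents and whether this host trusts its chain.

```powershell
# Added example for step 6 (not part of the original note or of KB 321051).
# Assumptions: run in an elevated PowerShell session on the DC after "certreq -accept";
# $DcFqdn defaults to this host's FQDN and must match the CN used in request.inf.
param(
    [string]$DcFqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName,
    [int]$Port = 636
)

$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU, as requested in request.inf

function Get-LdapsCandidateCertificate {
    # A DC only uses a LocalMachine\My certificate that has a private key,
    # the Server Authentication EKU and the DC's FQDN as subject CN or SAN DNS name.
    param([string]$Fqdn)
    Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {
        $c = $_
        $c.HasPrivateKey -and
        ($c.EnhancedKeyUsageList | Where-Object { $_.ObjectId -eq $ServerAuthOid }) -and
        ($c.Subject -match ('(^|,\s*)CN=' + [regex]::Escape($Fqdn) + '(,|$)') -or
         ($c.DnsNameList.Unicode -contains $Fqdn))
    }
}

function Test-LdapsCertificate {
    # Summarises one candidate; WeakKey flags anything below 2048 bits
    # (the request.inf above still asks for 1024).
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $keySize = $Cert.PublicKey.Key.KeySize
    [pscustomobject]@{
        Thumbprint = $Cert.Thumbprint
        Subject    = $Cert.Subject
        Issuer     = $Cert.Issuer
        NotAfter   = $Cert.NotAfter
        Expired    = ($Cert.NotAfter -lt (Get-Date))
        KeySize    = $keySize
        WeakKey    = ($keySize -lt 2048)
    }
}

function Test-LdapsEndpoint {
    # Opens a TLS session to the LDAPS port and reports which certificate the DC
    # actually presents. The validation callback accepts any chain so the handshake
    # completes for diagnosis; trust is then reported separately via Verify().
    param([string]$Fqdn, [int]$TcpPort)
    $client = New-Object System.Net.Sockets.TcpClient($Fqdn, $TcpPort)
    $ssl = $null
    try {
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, { $true })
        $ssl.AuthenticateAsClient($Fqdn)
        $served = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        [pscustomobject]@{
            Protocol         = $ssl.SslProtocol
            ServedThumbprint = $served.Thumbprint
            ServedSubject    = $served.Subject
            NotAfter         = $served.NotAfter
            ChainTrustedHere = $served.Verify()   # chains to a CA this host trusts?
        }
    } finally {
        if ($ssl) { $ssl.Dispose() }
        $client.Close()
    }
}

$candidates = @(Get-LdapsCandidateCertificate -Fqdn $DcFqdn)
if ($candidates.Count -eq 0) {
    Write-Warning "No Server Authentication certificate for $DcFqdn with a private key in LocalMachine\My."
} else {
    $candidates | ForEach-Object { Test-LdapsCertificate -Cert $_ } | Format-List
}
Test-LdapsEndpoint -Fqdn $DcFqdn -TcpPort $Port | Format-List
```

Save it as a .ps1 and run it on the DC (optionally with -DcFqdn to name the FQDN explicitly). If no candidate is listed after step 5, the usual cause is a request generated without MachineKeySet = TRUE, which puts the private key in the user's store instead of the machine's; request.inf above sets it correctly. The Test-LdapsEndpoint part can also be run from another domain member to confirm the listener, where ChainTrustedHere then tells you whether that client trusts the issuing CA.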