
Microsoft AD LDAP (2008): Importing Your Certificate .pfx File into the AD DS Personal Store

Posted on October 26, 2022 By samadmin

Once you have the .pfx certificate file, you can use Microsoft Management Console (MMC) to import it into the Active Directory Domain Services Personal Store.

IMPORTING THE .PFX CERTIFICATE FILE

  1. Open the Microsoft Management Console (MMC) as an admin.
    • In the Windows Start menu, in the Search programs and files box, type mmc.
    • Right-click on mmc.exe and select Run as administrator.
  2. In the User Account Control window, click Yes to allow the program to make changes to the computer.
  3. In the MMC Console, click File > Add/Remove Snap-in.
  4. In the Add or Remove Snap-ins window, under Available snap-ins, select Certificates and then click Add.
  5. In the Certificates snap-in window, select Service account and then click Next.
  6. In the Select Computer window, select Local computer: (the computer this console is running on) and then click Next.
  7. In the Certificates snap-in window, select Active Directory Domain Services and then click Finish.
  8. In the Add or Remove snap-ins window, click OK.
  9. In the MMC Console, in the console tree, expand Certificates – Service (Active Directory Domain Services), right-click on NTDS/Personal, and select Import.
  10. In the Certificate Import Wizard, on the Welcome to the Certificate Import page, click Next.
  11. On the File to Import page, click Browse, select the .pfx certificate file (e.g. your_domain_com.pfx) that you exported using the DigiCert Certificate Utility, click Open, and then click Next.
  12. On the Password page, do the following:
    1. In the Password box, enter the password that you created when you exported the .pfx certificate file.
    2. Check Include all extended properties.
    3. Check Mark this key as exportable.
    4. Click Next.
  13. On the Certificate Store page, leave the default settings and click Next. The default settings are:
    • Place all certificates in the following store
    • Certificate store: NTDS\Personal
  14. On the Completing the Certificate Import page, review your settings and then click Finish.
  15. All your client computers should now be able to make SSL connections to all your domain controllers in the forest.

VERIFY SSL WAS SUCCESSFULLY CONFIGURED

  1. Open the LDP snap-in as an admin.
    • In the Windows Start menu, in the Search programs and files box, type ldp.
    • Right-click on ldp.exe and select Run as administrator.
  2. In the User Account Control window, click Yes to allow the program to make changes to the computer.
  3. In Ldp, click Connection > Connect.
  4. In the Connect window, do the following:
    • In the Server box, enter the hostname of the server to which you are connecting.
    • In the Port box, enter 636.
    • Check SSL.
    • Uncheck Connectionless.
    • Click OK.
  5. The command output should display the user name and the domain name for the binding.
  6. If you receive the Cannot open connection message, LDAP-over-SSL binding is not configured properly.
  7. Click OK.
  8. Next, in LDP, click Connection > Bind.
  9. In the Bind window, click OK.
  10. The command output should now display the user name and the domain name for the binding.
