
Enable LDAPS for Active Directory

This guide explains how to enable support for LDAPS on Active Directory. It covers installing Active Directory Certificate Services, enabling a Certificate Authority service on a single Domain Controller, and exporting the self-signed server certificate, which TASS requires to authenticate the LDAPS requests.

This article is provided as general guidance and as an example of one particular way that LDAPS can be configured for use with TASS. 

These steps have been tested on Windows Server 2019 with the Active Directory Domain Services role installed and configured. 

Install Active Directory Certificate Services

  1. Open Server Manager.

  2. Click Manage, then click Add Roles and Features.

  3. If you are shown the Before you Begin page, click Next.

  4. On the Installation Type page, select Role-based or Feature-Based Installation, then click Next. 

  5. On the Server Selection page, select your server, then click Next.

  6. On the Server Roles page, select Active Directory Certificate Services, then click Next. 

  7. If prompted to install the management tools, ensure they are selected, then click Add Features. 

  8. On the Features page, click Next.

  9. On the Active Directory Certificate Services page, read the information provided, then click Next. 

  10. On the Role Services page, ensure Certification Authority is selected, then click Next. 

  11. On the Confirmation page, click Install to start the installation process. 

  12. On the Results page, once the installation has completed, click Close.

Enable the Certificate Authority Service

  1. Back in Server Manager, click on the Notifications icon (flag at the top right), then click on the option to Configure Active Directory Certificate Services. 

  2. On the Credentials page, select an account to configure the CA service. You can use your current Domain Admin account, which will be selected by default. Click Next to continue.

  3. On the Role Services page, select Certification Authority, then click Next. 

  4. On the Setup Type page, select Enterprise CA, then click Next.

  5. On the CA Type page, select Root CA, then click Next. 

  6. On the Private Key page, select Create a new private key, then click Next. 

  7. On the Cryptography page, accept the default cryptographic settings, then click Next. 

  8. On the CA Name page, accept the default CA name, then click Next. 

  9. On the Validity Period page, accept the default validity period, then click Next.

  10. On the Certificate Database page, accept the default database location, then click Next. 

  11. On the Confirmation page, review your selections, then click Configure. 

  12. On the Results page, once the installation has completed, click Close.

Export the Server Certificate

TASS will not trust a self-signed certificate by default. You will need to export the certificate so you can later import it into the TASS keystore.

  1. Open Server Manager.

  2. Click Tools, then click on Certification Authority. 

  3. Under Certification Authority (Local), right-click on your server, then click Properties. 

  4. On the General tab, select your server's certificate, then click View Certificate.

  5. On the Details tab, click Copy to File. 

  6. The Certificate Export Wizard will load. Click Next to continue.

  7. Select DER encoded binary X.509 (CER), then click Next. 

  8. Enter a location for this certificate to be exported to, then click Next. 

  9. Once complete, click Finish.

Retain the certificate you exported, as you will need to import it to TASS.
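
To confirm the result before importing the certificate into TASS, the following PowerShell check (an added example, not part of the original guide) connects to the domain controller on the LDAPS port, 636, and reports whether the certificate it presents chains to the exported file. The host name dc01.example.local and the path C:\Temp\exported-ca.cer are placeholders.

```powershell
# Added example (not from the guide). Written for Windows PowerShell 5.1.
# $DcName and $CaCertPath are placeholder values; replace them with your own.
param(
    [string]$DcName     = 'dc01.example.local',
    [string]$CaCertPath = 'C:\Temp\exported-ca.cer',
    [int]$Port          = 636
)

# Load the certificate saved by the Certificate Export Wizard.
$caCert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CaCertPath)

# Record the TLS policy errors but accept the certificate so it can be inspected.
# No credentials or LDAP data are sent over this connection.
$state   = @{ Errors = [System.Net.Security.SslPolicyErrors]::None }
$capture = [System.Net.Security.RemoteCertificateValidationCallback]{
    param($source, $cert, $chain, $errors)
    $state.Errors = $errors
    $true
}

$tcp = [System.Net.Sockets.TcpClient]::new()
try {
    $tcp.Connect($DcName, $Port)
    $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $capture)
    $ssl.AuthenticateAsClient($DcName)   # throws if the TLS handshake fails
    $serverCert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
    $protocol   = $ssl.SslProtocol
} finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}

# Build the chain with the exported certificate as the only extra candidate,
# then require that the chain ends at exactly that certificate.
# Revocation checking is switched off because this check only tests the trust anchor.
$x509Chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
$x509Chain.ChainPolicy.ExtraStore.Add($caCert) | Out-Null
$x509Chain.ChainPolicy.RevocationMode    = 'NoCheck'
$x509Chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
$built = $x509Chain.Build($serverCert)
$root  = $x509Chain.ChainElements[$x509Chain.ChainElements.Count - 1].Certificate

$nameMismatch = [System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch
[pscustomobject]@{
    Server             = "${DcName}:$Port"
    Protocol           = $protocol
    Subject            = $serverCert.Subject
    NotAfter           = $serverCert.NotAfter
    NameMatches        = -not ($state.Errors -band $nameMismatch)
    ChainBuilds        = $built
    ChainsToExportedCa = ($root.Thumbprint -eq $caCert.Thumbprint)
}
```

ChainsToExportedCa and NameMatches should both be True. If the connection fails during the handshake, the domain controller may not yet have been issued a certificate by the new CA.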


