Requirements: Active Directory Domain Services configured.

Installation and Configuration of Certification Authority

1. Install Active Directory Certificate Services:

   • On the Windows Server machine, open the Server Manager → Add Roles and Features.
     
     

     image1465×815 147 KB
   • Click Next until you reach the “Role-based or feature-based installation” option, select it, and click Next.
     
     

     image1084×776 123 KB
   • Select your LDAP server from the list and click Next.
     
     

     image1080×771 150 KB
   • Check Active Directory Certificate Services, confirm dependencies by clicking Add Features, and click Next.
     
     

     image1081×771 160 KB
   • Without selecting anything in the Features list, click Next.
     
     

     image1081×769 162 KB
   • In the “Active Directory Certificate Services (AD CS)” section, click Next.
     
     

     image1079×777 150 KB
   • Check Certification Authority and click Next.
     
     

     image1080×768 125 KB
   • Confirm automatic restart if requested, and click Install.
     
     

     image1077×772 154 KB
   • Click on Configure Active Directory Certificate Services on Destination Server and then Close.
     
     

     image1079×772 172 KB
   • Ensure the current user belongs to the local Administrators group. Click Next.
     Recommendation: Use the Administrator user.
     
     

     image1080×759 112 KB
   • Check Certification Authority and click Next.
     
     

     image1078×784 119 KB
   • Choose Enterprise CA and click Next.
     
     

     image1077×795 161 KB
   • Select Root CA and click Next.
     
     

     image1078×791 139 KB
   • Choose Create a new private key and click Next.
     
     

     image1078×794 153 KB
   • Select the hash algorithm SHA256 and click Next.
     Recommendation: Use the latest available hash algorithm.
     
     

     image1078×797 145 KB
   • Click “Next” again.
     
     

     image1080×793 144 KB
   • Specify the certificate validity (default of 5 years) and click Next.
     
     

     image1079×795 124 KB
   • Select the default database location of the CA and click Next.
     
     

     image1075×792 106 KB
   • To confirm, click Configure.
     
     

     image1077×792 134 KB
   • Finally, click Close.
     
     

     image1079×787 93.2 KB

2. Creating a Certificate Template:

   • Press Windows Key + R and run the command certtmpl.msc.
     
     

     image1077×644 126 KB
   • Find the Kerberos Authentication template, right-click on it and select Duplicate Template.
     
     

     image1079×642 129 KB
   • In the “Properties of New Template” window, configure according to your requirements.
   • In the General tab, enable Publish certificate in Active Directory.
     
     

     image602×841 92.9 KB
   • In the Request Handling tab, check Allow private key to be exported.
     
     

     image608×844 129 KB
   • In the Subject Name tab, select the DNS Name format, and click Apply and OK.
     
     

     image602×833 139 KB

3. Issuing the Certificate Template:

   • On the Start menu, type Certification Authority, after it is open, right-click on Certificate Templates and select New → Certificate Template to Issue.
     
     

     image1011×798 134 KB
   • Select your recently created template and click OK.
     
     

     image882×572 148 KB

4. Requesting a New Certificate:

   • Press Windows Key + R, run the command mmc, go to File → Add/Remove Snap-in.
     
     

     image927×397 24.1 KB
   • Select Certificates, click Add.
     
     

     image924×655 163 KB
   • Choose Computer account and click Next.
     
     

     image926×659 52.2 KB
   • Select Local computer and click Finish. Click OK.
     
     

     image923×654 79.9 KB
     
     
     

     image988×702 156 KB
   • In the Console, go to Certificates (Local Computer) > Personal, right-click on Certificates, select All Tasks and click Request New Certificate.
     
     

     image923×397 60.4 KB
   • Click Next, and again Next.
     
     

     image930×658 81.2 KB
     
     
     

     image936×662 70.4 KB
   • Select your certificate and click Enroll. Click Finish.
     
     

     image939×661 107 KB
     
     
     

     image941×667 48.6 KB

5. Exporting the Certificate:

   • Right-click on the newly generated certificate select All Tasks → Export.
     
     

     image930×401 81.8 KB
   • Click Next.
     
     

     image809×769 92 KB
   • Check Do not export the private key and click Next.
   • Choose the file format Base-64 encoded X.509 (.CER) and click Next.
     
     

     image798×761 113 KB
   • Select the path to export the .CER file and click Next.
     
     

     image801×757 39.3 KB
   • Click Finish to complete the export. A confirmation message “The export was successful.” will appear if everything is correct.
     
     

     image810×786 84.1 KB

6. Testing the LDAPS Connection:

   • Open PowerShell with administrator privileges and type the command ldp, then press Enter.
     
     

     image860×470 42 KB
   • In the new window, go to Connection → Connect….
     
     

     image932×496 13.9 KB
   • Enter the host, port 636, check the SSL option, and click OK.
     
     

     image926×490 14.9 KB
     .
   • If the configuration is successful, a log of the connection to the server via LDAPS will be displayed.
     
     

     image926×496 179 KB

After these configurations, you will be able to set up LDAPS between the Windows Server AD DS and applications such as senhasegura.