Log on to domain controller
This topic follows the guidelines of article Q321051. Log on to the domain controller (LDAP Server) with an enterprise administrator account.
The certificate request is created with certreq.exe, which is part of the Windows installation and takes a text input file that describes the request.
With a plain-text editor such as notepad.exe, create a file with the following contents:
[Version]
Signature="$Windows NT$"
[NewRequest]
Subject = "CN=king.tools4ever.local3"
; replace with the FQDN of the DC
KeySpec = 1
KeyLength = 2048
; Can be 1024, 2048, 4096, 8192, or 16384.
; Larger key sizes are more secure, but have
; a greater impact on performance.
Exportable = TRUE
; TRUE allows the private key to be exported from this computer.
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0
; 0xa0 = digital signature (0x80) + key encipherment (0x20)
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1
; Server Authentication
In the file, the entry regarding the subject,
Subject = "CN=king.tools4ever.local3"
must be changed to contain the fully qualified domain name of the Active Directory domain controller that is going to support secure LDAP. Example:
Subject = "CN=OtherServer.mydomain.com"
Save the file to ldapcert.inf. From a command prompt, create the request file with certreq.exe:
certreq -new ldapcert.inf ldapcert.req
This creates a new file, ldapcert.req. It is the base64-encoded request and looks something like this:
-----BEGIN NEW CERTIFICATE REQUEST-----
...
-----END NEW CERTIFICATE REQUEST-----
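Added example, not part of the original article: a PowerShell pre-flight check that can be run on ldapcert.inf before certreq -new, to catch a wrong subject, a short key or a missing Server Authentication EKU. The function name Test-LdapCertInf and the rules it enforces are assumptions of this example, and the sample INF is constructed from the settings shown above.

```powershell
# Added example, not from the original article; names and rules are this example's assumptions.
function Test-LdapCertInf {
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string[]]$Lines,  # contents of ldapcert.inf
        [Parameter(Mandatory)][string]$DcFqdn                        # FQDN of the DC that will serve LDAPS
    )
    $section = ''
    $kv = @{}    # "Section/Key" -> value; PowerShell hashtable keys are case-insensitive
    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        if (-not $line -or $line.StartsWith(';')) { continue }   # blank line or INF comment
        if ($line -match '^\[(.+)\]$') { $section = $Matches[1]; continue }
        if ($line -match '^([^=]+)=(.*)$') {
            $kv["$section/$($Matches[1].Trim())"] = $Matches[2].Trim().Trim('"')
        }
    }
    $findings = @()
    $subject = $kv['NewRequest/Subject']
    if ($subject -ne "CN=$DcFqdn") { $findings += "Subject '$subject' does not match 'CN=$DcFqdn'" }
    if ([int]$kv['NewRequest/KeyLength'] -lt 2048) { $findings += 'KeyLength is below 2048 bits' }
    if ($kv['NewRequest/MachineKeySet'] -ne 'TRUE') {
        $findings += 'MachineKeySet must be TRUE for a computer certificate'
    }
    # 0x80 = digitalSignature, 0x20 = keyEncipherment; the article's 0xa0 sets both
    $usageText = $kv['NewRequest/KeyUsage']
    $usage = if ($usageText) { [Convert]::ToInt32($usageText, 16) } else { 0 }
    if (($usage -band 0xa0) -ne 0xa0) { $findings += 'KeyUsage lacks digitalSignature or keyEncipherment' }
    if ($kv['EnhancedKeyUsageExtension/OID'] -ne '1.3.6.1.5.5.7.3.1') {
        $findings += 'Server Authentication EKU (1.3.6.1.5.5.7.3.1) is missing'
    }
    if ($kv['NewRequest/Exportable'] -eq 'TRUE') {
        $findings += 'Note: Exportable = TRUE lets the private key be exported from the DC'
    }
    return $findings
}

# Constructed sample: the article's settings with KeyLength lowered to trigger a finding
$sample = @'
[NewRequest]
Subject = "CN=OtherServer.mydomain.com"
KeyLength = 1024
Exportable = TRUE
MachineKeySet = TRUE
KeyUsage = 0xa0
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1
'@ -split "`r?`n"
Test-LdapCertInf -Lines $sample -DcFqdn 'OtherServer.mydomain.com'
```

To check the real file, pass its contents instead of the sample: Test-LdapCertInf -Lines (Get-Content .\ldapcert.inf) -DcFqdn followed by the FQDN of the domain controller.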