Deploying AD with SSL for ports 636 and 3269?

I am playing around with installing Server 2016 Core using PowerShell and trying to get some test benches working. From what I read, I should just be able to install ADDSForest, install the ADCS Cert Authority using an EnterpriseRootCA and have everything be happy. But there is still no certificate being provided on ports 636 and 3269. It doesn’t help that almost every guide I have found ignores the encryption portion.

The commands are pretty simple so far:

Install-ADDSForest -DomainName domain.com -InstallDns:$true -Force:$true

Install-AdcsCertificationAuthority -CAType EnterpriseRootCa -CryptoProviderName "ECDSA_P256#Microsoft Software Key Storage Provider" -KeyLength 256 -HashAlgorithmName SHA256

And everything installs fine and happy. However, if I hop onto a Linux box, or a machine with RSAT and run:

openssl s_client -showcerts -connect www.domain.com:636

It comes back with nothing! 389 and 3268 are working as intended. What am I missing?

submitted by /u/ICanSeeYou7867
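
A PowerShell counterpart to the `openssl s_client` check above, added here as an example and not part of the original post: it probes 636 and 3269 and, when run on the domain controller itself, lists the certificates in the computer's Personal store that are usable for server authentication. The hostname `dc01.domain.com` and the function names are placeholders chosen for this example.

```powershell
# Added example, not from the original post. $Server is a placeholder:
# point it at the domain controller's own FQDN.
param([string]$Server = 'dc01.domain.com')

function Get-LdapsCertificate {
    param([string]$HostName, [int]$Port)
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        # Accept any certificate: the goal is to see what is presented, not to trust it.
        $callback = { $true } -as [System.Net.Security.RemoteCertificateValidationCallback]
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        try {
            $ssl.AuthenticateAsClient($HostName)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
            [pscustomobject]@{
                Port = $Port; Status = 'TLS OK'
                Subject = $cert.Subject; Issuer = $cert.Issuer; NotAfter = $cert.NotAfter
            }
        } finally { $ssl.Dispose() }
    } catch {
        # A closed port or a handshake that ends without a server certificate lands here.
        [pscustomobject]@{
            Port = $Port; Status = "Failed: $($_.Exception.GetBaseException().Message)"
            Subject = $null; Issuer = $null; NotAfter = $null
        }
    } finally { $tcp.Close() }
}

function Get-ServerAuthCertificate {
    # LDAPS uses a certificate from the local computer's Personal store that has
    # a private key and the Server Authentication EKU (OID 1.3.6.1.5.5.7.3.1).
    Get-ChildItem Cert:\LocalMachine\My |
        Where-Object {
            $_.HasPrivateKey -and
            ($_.EnhancedKeyUsageList.ObjectId -contains '1.3.6.1.5.5.7.3.1')
        } |
        Select-Object Subject, NotAfter, Thumbprint,
            @{ Name = 'DnsNames'; Expression = { $_.DnsNameList.Unicode -join ', ' } }
}

# 636 = LDAP over TLS, 3269 = global catalog over TLS
636, 3269 | ForEach-Object { Get-LdapsCertificate -HostName $Server -Port $_ } | Format-List

# Run this part on the domain controller itself.
Get-ServerAuthCertificate | Format-List
```

An empty result from `Get-ServerAuthCertificate` alongside a failed handshake on both ports indicates the domain controller has no certificate enrolled that it could present.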