KB_150185: How To Configure Microsoft AD Back-end authentication with SSL on IDENTIKEY Appliance
9/11/2017 1:36:08 PM
This article explains the steps required to enable Microsoft AD (LDAP) back-end authentication using SSL on IDENTIKEY Appliance.
Problem symptoms / details.
IDENTIKEY Appliance supports Microsoft Active Directory back-end authentication using LDAP over SSL. There are a few advantages to using this protocol.
Without SSL, IDENTIKEY Authentication Server (IAS) will use Digest MD5. This protocol is less standard, and reversible encryption may be needed to get it working. Use of the domain's DNS server is also mandatory. With SSL, the password is sent through the encrypted tunnel and no MD5 Digest is used.
To get this working, the following steps are needed:
1. Get the certificate out of the CA of your domain.
2. Transform the certificate and store it in IDENTIKEY Appliance.
3. Make sure that the Domain Controller name is resolved correctly on your
4. Configure the Back-end Authentication
5. Test the configuration.
1. Get the certificate out of the CA of your domain:
Open the AD CA server, select a certification authority, right-click it, and select Properties.
In the Properties window, click the View Certificate button, select the Details tab and click the Copy to File button.
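Once the CA certificate has been exported as described above, the conversion and a pre-check can be done with OpenSSL on any workstation. The script below is an added example, not part of the original article or the vendor's tooling. It assumes the export was DER encoded and that `openssl` 1.1.0 or later is installed; every file name, subject and host name in it is constructed.

```shell
#!/usr/bin/env bash
# Added example. Every file name, subject and host name below is constructed.
set -eu

# Convert the exported CA certificate to PEM.
# Assumption: the export wizard was left on DER encoding (.cer).
der_to_pem() {            # der_to_pem <in.cer> <out.pem>
  openssl x509 -inform DER -in "$1" -outform PEM -out "$2"
}

# Succeeds only if the server certificate chains to the CA *and*
# is valid for the host name the client will use to reach the DC.
check_dc_cert() {         # check_dc_cert <ca.pem> <dc.pem> <fqdn>
  openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

# Build throwaway stand-ins for the domain CA and a DC certificate so the
# two functions above can be exercised offline.
make_fixtures() {         # make_fixtures <dir> <dc-fqdn>
  d=$1 fqdn=$2
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$fqdn" \
    -keyout "$d/dc.key" -out "$d/dc.csr" 2>/dev/null
  printf 'subjectAltName=DNS:%s\n' "$fqdn" > "$d/san.ext"
  openssl x509 -req -in "$d/dc.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -extfile "$d/san.ext" -out "$d/dc.pem" 2>/dev/null
  # Simulate the "Copy to File" export in DER form.
  openssl x509 -in "$d/ca.pem" -outform DER -out "$d/ca-export.cer"
}

demo() {
  tmp=$(mktemp -d)
  make_fixtures "$tmp" dc01.corp.example
  der_to_pem "$tmp/ca-export.cer" "$tmp/ca-for-appliance.pem"
  if check_dc_cert "$tmp/ca-for-appliance.pem" "$tmp/dc.pem" dc01.corp.example
  then echo "chain and host name OK"; fi
  if ! check_dc_cert "$tmp/ca-for-appliance.pem" "$tmp/dc.pem" 10.0.0.5
  then echo "address instead of FQDN: rejected"; fi
  rm -rf "$tmp"
}
demo
```

In real use, `der_to_pem` takes the file produced by the export wizard, and `check_dc_cert` takes a copy of the Domain Controller's own certificate together with the name under which the DC will be addressed.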
Applies to: IDENTIKEY Appliance
KB 150185 – 11/09/2017
© 2017 VASCO Data Security. All rights reserved.