Channel: Directory Services forum

how can I extend validity period for a domain controller ssl certificate


Hello,

I have Windows 2008 R2 domain controllers and a Windows 2008 standalone CA server. Due to a 3rd party software on our network, I've been working on enabling LDAP over SSL on one of our domain controllers and eventually all of them. I've followed the steps outlined here: http://support.microsoft.com/kb/321051 and in the corresponding article for Windows 2008 here: http://technet.microsoft.com/en-us/library/dd941846(WS.10).aspx. I am still not able to connect to the domain controller using LDP.exe over port 636 with SSL; however, the 3rd party software is now working and I can see the certificate, so I believe everything looks OK except for not being able to connect using LDP over SSL.

The problem I have is that the certificate is only valid for 1 year. When I created the certificate request using an inf file and then processed it on the CA server, I did not see anywhere in that process to change the validity date to, say, 20 years instead of 1 year. I would really rather not have to revisit this process for a while, since it was a rather tedious thing to do and had mixed results with the many different published ways of doing it. I did modify the "Domain Controller Authentication" template on the CA server to a validity date of 20 years before creating the certificate, but that didn't work. On the domain controller I ran the certutil -VerifyStore MY command and the "Template:" section is blank, so it looks like the process doesn't actually use a template.

Can someone please advise on how to create this certificate with the method outlined and set it to a longer validity date?

Thank you very much in advance for any help that can be provided.

Don


