PowerStore: Create SSL Certificate from Microsoft certificate authority to enable secure LDAP (LDAPS)
Summary:
Enabling LDAPS (secure LDAP) authentication requires importing SSL certificates during the LDAP configuration in the Directory Services settings. The instructions below apply only if the
customer is using a Microsoft certificate authority server.
...
Once logged in to the Windows Server, press Windows key + R to open the "Run" dialog
If the keyboard has no Windows key, click the Windows icon at the bottom left of the screen
Then start typing the word "Run"; a search panel appears on the right side of the screen, click on the "Run" application
In the Run dialog, type "mmc" into the text field next to the word "Open" and click the "OK" button
This opens a new, empty Microsoft Management Console (MMC) document
At the top left, click on File → Add/Remove Snap-in; this should open an "Add or Remove Snap-ins" window
In the left box titled "Available Snap-ins", select "Certificates" first; once it is highlighted, click the "Add" button in the middle of the window
Select "Computer account" and click the "Next" button
Leave "Local computer" selected and click the "Finish" button
Next, select the "Certification Authority" snap-in, click the "Add" button, leave "Local computer" selected and click the "Finish" button
Lastly, select the "Certificate Templates" snap-in and click the "Add" button
Your "Selected snap-ins" list should now show Certificates (Local Computer), Certification Authority (Local) and Certificate Templates
Click "OK"
Now you can save this console so that you do not have to add the snap-ins every time: click File → Save As and save it with any name and in any location you want
Next, revoke the certificates previously issued for this purpose: in the left panel go to Console Root → Certification Authority (Local) → Issued Certificates
Highlight all of the certificates issued to the PowerStore LDAP server, right-click the highlighted certificates and select All Tasks → Revoke Certificate
A "Certificate Revocation" window pops up; you can give a "Reason Code" if you want, then click the "Yes" button. Revocation only becomes visible to clients through the CA's CRL, so publish a new CRL (right-click Revoked Certificates → All Tasks → Publish) once the old certificates are revoked
Next, under Console Root → Certificates (Local Computer) → Personal → Certificates
Right-click in the white space in the middle panel and select All Tasks → Request New Certificate
This will open the "Certificate Enrollment" window, click the "Next" button
Click "Next" again
In the "Request Certificates" section, find and tick the check box next to "Domain Controller Authentication" (this template carries the Server Authentication EKU that an LDAPS listener needs)
Expand the "Details" drop-down next to it and click the "Properties" button
You can enter a "Friendly Name" if you would like to keep track of certificates you generate
Click on the "Subject" tab; under "Subject name" select "Common name" from the "Type" drop-down, enter the full computer name of the LDAP server as the "Value", then click "Add"
You can find the "Full Computer Name" by opening File Explorer, right-clicking "This PC" on the left side and selecting "Properties"; the "Full Computer Name" is shown under the "Computer name, domain, and workgroup settings" section
Next, under the "Alternative name" section add every name or address PowerStore will use to reach the server, because a TLS client checks the name it connected to against these entries; for this exercise a DNS name and an IP Address (v4) are added
First, select "DNS" as the "Type", enter the "Full Computer Name" exactly as for the "Common Name" above, then click "Add"
Second, select "IP Address (v4)", enter the IPv4 address of the LDAP server, then click "Add"
The "Certificate Properties" window should now list the Common name under "Subject name" and the DNS name and IPv4 address under "Alternative name"
Click "Apply", then click "OK"
Finally, you can click "Enroll"
Once the new certificate is issued, export it (for example to the "Desktop") so that its contents can be viewed and the file can be imported into PowerStore
Right-click the new certificate All Tasks → Export
Click "Next"
Click "Next" (leave the default; if the wizard offers to export the private key, keep "No, do not export the private key", since PowerStore only needs the public certificate)
For the format, select "Base-64 encoded X.509 (.CER)", then click "Next"
Browse the location you would like to save this certificate and with whatever name you would like, then click "Next"
Finally, click "Finish"; if successful, a pop-up window shows the message "The export was successful"
You have now generated a new certificate for the LDAP server, and it is ready to be imported in PowerStore under Directory Services when selecting LDAPS Authentication.
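The same procedure can be scripted on the LDAP server, which is useful when the certificate has to be renewed regularly or on several domain controllers. The script below is an added example and is not part of this article or of any PowerStore or Microsoft tooling. It revokes the previously issued certificates for the server, requests a new one from the Microsoft CA with the Domain Controller Authentication template (CN, DNS SAN and IPv4 SAN as in the wizard), exports it as Base-64 X.509 without the private key, and then connects to port 636 to confirm that the LDAPS listener presents the new certificate. The host names, IP address, CA name and friendly name are placeholders chosen for the example; it assumes the template lets the requester supply the subject, as the wizard in this article does, and that it runs in an elevated PowerShell on the server that also hosts the CA (use certutil -config for a remote CA).

```powershell
# Added example (not from the article): scripted LDAPS certificate enrollment.
# Run in an elevated PowerShell on the domain controller / LDAP server.
# All names below are assumptions for illustration only.
$DcFqdn   = "dc01.corp.example.com"          # "Full Computer Name" of the LDAP server
$DcIPv4   = "10.10.10.5"                     # IPv4 address PowerStore may be configured with
$CaConfig = "ca01.corp.example.com\Corp-CA"  # "<CA host>\<CA name>" of the Microsoft CA
$Friendly = "PowerStore LDAPS"               # friendly name used to find the certificate later
$Work     = "$env:USERPROFILE\Desktop"       # output location, as in the wizard
$OutCer   = Join-Path $Work "$DcFqdn-ldaps.cer"

# 1. Revoke certificates previously issued for this CN (Disposition 20 = issued) and
#    publish a new CRL so the revocation is visible to clients. Reason 0 = Unspecified.
certutil -view -restrict "CommonName=$DcFqdn,Disposition=20" -out "RequestID,SerialNumber,NotAfter" |
    Select-String 'Serial Number:\s*"?([0-9a-f]+)' |
    ForEach-Object { certutil -revoke $_.Matches[0].Groups[1].Value 0 }
certutil -CRL

# 2. Build the request: CN = full computer name, SAN = DNS name + IPv4 address,
#    key in the machine store and not exportable (mirrors the wizard choices).
$inf = @"
[NewRequest]
Subject = "CN=$DcFqdn"
FriendlyName = "$Friendly"
KeyLength = 2048
KeySpec = 1
KeyUsage = 0xA0
MachineKeySet = TRUE
Exportable = FALSE
RequestType = PKCS10
[RequestAttributes]
CertificateTemplate = DomainControllerAuthentication
[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns=$DcFqdn&"
_continue_ = "ipaddress=$DcIPv4"
"@
$infPath = Join-Path $Work "ldaps.inf"
$reqPath = Join-Path $Work "ldaps.req"
$issued  = Join-Path $Work "ldaps-issued.cer"
Set-Content -Path $infPath -Value $inf -Encoding ascii
certreq -new -f $infPath $reqPath
certreq -submit -config $CaConfig $reqPath $issued
certreq -accept $issued      # installs into Cert:\LocalMachine\My next to its private key

# 3. Locate the new certificate and check the SAN before exporting it.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.FriendlyName -eq $Friendly } |
    Sort-Object NotBefore -Descending | Select-Object -First 1
$san = ($cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }).Format($true)
if ($san -notmatch [regex]::Escape($DcFqdn) -or $san -notmatch [regex]::Escape($DcIPv4)) {
    throw "SAN does not contain both $DcFqdn and $DcIPv4:`n$san"
}

# 4. Export as "Base-64 encoded X.509 (.CER)": public certificate only, no private key.
$pem = "-----BEGIN CERTIFICATE-----`r`n" +
       [Convert]::ToBase64String($cert.RawData, 'InsertLineBreaks') +
       "`r`n-----END CERTIFICATE-----"
Set-Content -Path $OutCer -Value $pem -Encoding ascii
"Exported $OutCer (thumbprint $($cert.Thumbprint))"

# 5. Verify that the LDAPS listener (TCP 636) presents the new certificate.
#    The validation callback accepts any chain here because this only inspects
#    what is served; PowerStore performs the real validation on import.
$tcp = New-Object System.Net.Sockets.TcpClient($DcFqdn, 636)
$ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false,
         [System.Net.Security.RemoteCertificateValidationCallback]{ param($s, $c, $chain, $errors) $true })
$ssl.AuthenticateAsClient($DcFqdn)
$served = $ssl.RemoteCertificate.GetCertHashString()
$ssl.Dispose(); $tcp.Dispose()
if ($served -ne $cert.Thumbprint) {
    throw "LDAPS is serving thumbprint $served, expected $($cert.Thumbprint); restart the server or check the Personal store"
}
"LDAPS on $DcFqdn presents the new certificate"
```

Step 5 is the check worth keeping even when the rest is done through the MMC: a domain controller with several certificates in its Personal store may keep serving an older one on port 636, and PowerStore will then reject the connection even though the exported file is correct.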