How to do LDAPS queries from Linux to Active Directory pt. 4

Sub-Title:  “What if you don’t know the exact certificate subject of the AD server?”

This is part 4 in a series of 5 posts on this subject; for background, please also see part 1, part 2, part 3, and part 5.

If you just don’t know the certificate “subject” name of the server you’re trying to query (remember from part 1 in this series that subject name match is critical in LDAPS queries!), but you have the IP address or other resolvable hostname info, here’s how to check the subject of the certificate:

openssl s_client -connect corpdc01.yourlinuxguy.com:636 -showcerts

This will dump a whole bunch of SSL information, and the first couple lines will show you the server subject, but to be 100% certain you should scroll down to the “Server certificate subject” section to see the value and be sure.

I hope that helps!

Leave a Comment

Your email address will not be published.