{"id":649,"date":"2010-10-04T02:54:38","date_gmt":"2010-10-04T07:54:38","guid":{"rendered":"http:\/\/yourLinuxGuy.com\/?p=649"},"modified":"2010-10-23T22:37:39","modified_gmt":"2010-10-24T03:37:39","slug":"how-to-do-ldaps-queries-from-linux-to-active-directory-pt-2","status":"publish","type":"post","link":"https:\/\/yourLinuxGuy.com\/?p=649","title":{"rendered":"How to do LDAPS queries from Linux to Active Directory pt. 2"},"content":{"rendered":"

Sub-Title:\u00a0 “An easier<\/em> way to export a MS AD CA root cert…”<\/p>\n

After the popularity of my first post on this subject<\/a>, I’ve decided to write a couple follow-ups to add some more tips around this subject.\u00a0 As a result, this is part 2 in a series of 5 posts on this subject.\u00a0 For background, please also see part 1<\/a>, part 3<\/a>, part 4<\/a>, and part 5<\/a>.<\/em><\/em><\/p>\n

In “Part 1<\/a>“, I instruct you to generate and export the Root CA certificate locally from the console of the CA server itself, for use in your SSL-based LDAPS query.\u00a0 But what if the CA root certificate had been generated some time ago, or you are not able to to conveniently access that server’s console for some reason?<\/p>\n

Luckily for you…\u00a0 Since this is a MS AD CA server, if you have the “World Wide Web Service” component of IIS, *and* the “Web Enrollment Support” component of the CA server service, then there is a built-in web-based utility to help you out.\u00a0 So given all that, here is a good alternate way to export the Root CA certificate from a Windows Certificate Authority:<\/p>\n