https://community.cisco.com/t5/network-security/ldap-to-ldaps-authentication/m-p/3363117#M1026243 Thank you Rahul for responding.<BR /><BR />Are are good steps for installing certificate on the servers and the https<BR />certificate on the ASA?<BR /><BR />Thank you!<BR /> Tue, 10 Apr 2018 01:14:42 GMT latenaite2011 2018-04-10T01:14:42Z https://community.cisco.com/t5/network-security/ldap-to-ldaps-authentication/m-p/3363032#M1026237 <P>Good afternoon,</P> <P>&nbsp;</P> <P>I am just trying to figure out what the steps are for enabling LDAP to LDAPs authentication and specifically what needs to be done on the server.&nbsp; I saw that a certificate needs to be installed and the steps weren't too intuitive.&nbsp;</P> <P>&nbsp;</P> <P>They are running on version 9.x.&nbsp; &nbsp;&nbsp;</P> <P>&nbsp;</P> <P>Does anyone have a newer update to the steps required to get this done?</P> <P>&nbsp;</P> <P>Thank you!</P> <P>LN</P> Fri, 21 Feb 2020 15:36:54 GMT https://community.cisco.com/t5/network-security/ldap-to-ldaps-authentication/m-p/3363032#M1026237 latenaite2011 2020-02-21T15:36:54Z https://community.cisco.com/t5/network-security/ldap-to-ldaps-authentication/m-p/3363116#M1026238 <P>The only changes I can think of to make on the ASA are:</P> <P>&nbsp;</P> <P>1) change port from 389 to 636</P> <P>2) Install the CA certificate of your servers HTTPS certificate on the ASA. So if your LDAP server has an AD issued HTTPS certificate, export the sub-CA or Root CA and import the .cer or .crt file into a new trustpoint as a CA certificate.&nbsp;</P> <P>3) Make sure your SSL settings have the right protocols supported by your LDAP server. Do a "show run all ssl"&nbsp;and "show crypto ssl" to see whats supported on the ASA.</P> <P>4) Preferably use the name of the server instead of the ip address.</P> <P>&nbsp;</P> <P>&nbsp;</P> Tue, 10 Apr 2018 01:11:29 GMT https://community.cisco.com/t5/network-security/ldap-to-ldaps-authentication/m-p/3363116#M1026238 Rahul Govindan 2018-04-10T01:11:29Z https://community.cisco.com/t5/network-security/ldap-to-ldaps-authentication/m-p/3363117#M1026243 Thank you Rahul for responding.<BR /><BR />Are are good steps for installing certificate on the servers and the https<BR />certificate on the ASA?<BR /><BR />Thank you!<BR /> Tue, 10 Apr 2018 01:14:42 GMT https://community.cisco.com/t5/network-security/ldap-to-ldaps-authentication/m-p/3363117#M1026243 latenaite2011 2018-04-10T01:14:42Z https://community.cisco.com/t5/network-security/ldap-to-ldaps-authentication/m-p/3363606#M1026245 <P>ASA CA cert installation:&nbsp;<A href="https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/200339-Configure-ASA-SSL-Digital-Certificate-I.html#anc12" target="_blank">https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/200339-Configure-ASA-SSL-Digital-Certificate-I.html#anc12</A></P> <P>&nbsp;</P> <P>Steps 1-3 under section "1.1 Installation of the Identity Certificate in PEM Format with ASDM"</P> <P>&nbsp;</P> <P>Configuring LDAP over SSL: I don't think there is Cisco documentation for this. Here are a third party one:&nbsp;<A href="https://www.petri.com/enable-secure-ldap-windows-server-2008-2012-dc" target="_blank">https://www.petri.com/enable-secure-ldap-windows-server-2008-2012-dc</A></P> <P>&nbsp;</P> Tue, 10 Apr 2018 17:15:18 GMT https://community.cisco.com/t5/network-security/ldap-to-ldaps-authentication/m-p/3363606#M1026245 Rahul Govindan 2018-04-10T17:15:18Z https://community.cisco.com/t5/network-security/ldap-to-ldaps-authentication/m-p/4386215#M1080016 <P>Hi Rahul,</P><P>&nbsp;</P><P>after i added the CA Certificate, do i need to install it on Identity Certificates?</P><P>i am not able to see it in the field</P><P>&nbsp;</P><P>br</P><P>Yordan</P> Tue, 13 Apr 2021 14:14:13 GMT https://community.cisco.com/t5/network-security/ldap-to-ldaps-authentication/m-p/4386215#M1080016 Yordan1 2021-04-13T14:14:13Z