Manage Active Directory certificates

This documentation 1 shows up how to create and update certificates in Active Directory.


Certificate is mandatory to use LDAPS with Active Directory

Create a certificate

  1. Using the Active Directory Control Panel – Add/Remove Programs administration tool:

    • Select Add/Remove Windows Components to start the Windows Components Wizard.

    • Place check marks next to Certificate Services and Internet Information Services (IIS).

    • Click Next>.

  2. Select Enterprise root CA Certificate Authority Type and click Next>.

  3. Enter a CA name (server name) and click Next>. On Windows Server 2003, this is the Common name for this CA.

  4. Leave the Data Storage Locations as default and click Next>.

  5. The software installation process is complete. Click Finish.

Update a certificate

When AD certificate will expire, you probably want to udpate it with the same key.

To do this:

  1. Click Startrunmmc

  2. In MMC click ConsoleAdd snap-inAddCertificatesAddComputer AccountNextFinish

  3. Expand Certificates (Local Computer)

  4. Go in branch Personal

  5. Select the current certificate

  6. Right click on it → All tasksGenerate with the same key


You must restart Active Directory server to use the new certificate for LDAP service (yes it’s a shame)



Documentation comes from