Help Center/ Workspace/ FAQs/ FAQs for Administrators/ How do I Export the Root Certificate of an LDAPS-enabled AD server?
Updated on 2024-02-27 GMT+08:00

How do I Export the Root Certificate of an LDAPS-enabled AD server?

After LDAPS is enabled on the AD server, the administrator needs to configure the root certificate exported from the AD server on the management console for LDAPS to take effect.

The LDAPS root certificates on the active and standby AD servers are the same. If the active and standby AD servers are used, you can log in to either AD server to obtain the certificate.

  1. Log in to the AD server, click , and enter Run to start the application.
  2. Enter mmc in Open to go to Console Root.
  3. Choose File > Add/Remove Snap-ins.
  4. In the Available snap-ins list, double-click Certificates.
  5. Select Computer account and click Next to select a computer.
  6. Select Local computer: (the computer this console is running on), click Finish, and click OK.
  7. Under the Console Root, expand Certificates.
  8. Choose Personal > Certificates.
  9. Right-click the certificate whose Certificate Template is Domain Controllers and choose All Tasks > Export. The certificate export wizard page is displayed.
  10. Click Next.
  11. Select No, do not export the private key and click Next.
  12. Select Base-64 encoded X.509 (.CER) and click Next.
  13. Click Browse, select a path for storing the certificate, set the certificate name, click Save, and click Next. The information confirmation page is displayed.
  14. Confirm the configurations and click Finish.