
The certificate OpenAthens needs is the root certificate of your LDAP server, i.e. one where the subject and issuer are the same.

When your server is a CA

  1. In the server manager expand Roles > Active Directory Certificate Services > Enterprise PKI > Your server name

  2. Double click the CA certificate, go to the details tab and click copy to file. In the wizard select Base-64 encoded X.509.

    1. The CA cert is usually created when you install certificate services. If you don’t have one there, you’ll need to create one (more actions > manage CA)

     
  3. The resulting .cer file can be opened in your favourite text editor and the contents copied to the certificate tab of the OpenAthens LDAP connector

When your server is not a CA

The usual way to generate a self-signed certificate is via IIS on the same server as Active Directory:

  1. Access your AD box

  2. In the server manager navigate to Roles > Web Server (IIS) > Internet Information Services (IIS) Manager

  3. On the right, click on your server and then in the IIS section click on 'Server Certificates'

  4. From the actions pane select Create Self-Signed certificate (creates a certificate and puts it in your trusted root CA store)

  5. Double click the certificate you created, go to the details tab and click copy to file. In the wizard select Base-64 encoded X.509.

  6. The resulting .cer file can be opened in your favourite text editor and the contents copied to the certificate tab of the OpenAthens LDAP connector


If you are generating it by other methods, you will need to ensure it is in the name of that server and then import it into the Trusted Root Certification Authorities store via certmgr.msc, then pick up from step 5 above.

Anything to watch out for?

If the connection check on the LDAP connector still shows an error, check that your self-signed certificate is in the trusted root certificate authority store via certmgr.msc and copy it there if necessary.
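The conditions described on this page (Base-64 encoding, subject equal to issuer, presence in the trusted root store) can be checked on the exported file before it is pasted into the connector. The script below is an added example, not part of the OpenAthens documentation or tooling; the file name `ldap-root.cer` is a placeholder for whatever you saved from the export wizard.

```powershell
# Added example: sanity-check an exported .cer file on the AD server.
# The default path is a placeholder; pass the file saved by the export wizard.
param(
    [string]$Path = '.\ldap-root.cer'
)

$fullPath = (Resolve-Path -LiteralPath $Path).Path
$text     = [System.IO.File]::ReadAllText($fullPath)

# "Base-64 encoded X.509" in the wizard produces PEM text.
# A DER export is binary and will not start with this header.
$isBase64 = $text.TrimStart().StartsWith('-----BEGIN CERTIFICATE-----')

# Parse the certificate (the constructor accepts both PEM and DER files).
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $fullPath

# A root certificate is self-issued: subject and issuer are the same name.
$isRoot = ($cert.Subject -eq $cert.Issuer)

# Look for the same certificate (matched by thumbprint) in the
# Trusted Root Certification Authorities store of the machine and the user.
$inRootStore = $false
foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root') {
    $match = Get-ChildItem -Path $store |
        Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
    if ($match) { $inRootStore = $true }
}

# Report the findings; Subject is shown so you can confirm it names this server.
[pscustomobject]@{
    Subject         = $cert.Subject
    Issuer          = $cert.Issuer
    Thumbprint      = $cert.Thumbprint
    NotAfter        = $cert.NotAfter
    Base64Encoded   = $isBase64
    SubjectIsIssuer = $isRoot
    InTrustedRoot   = $inRootStore
} | Format-List
```

If `SubjectIsIssuer` is false, the file holds a leaf or intermediate certificate rather than the root; if `InTrustedRoot` is false, import it via certmgr.msc as described above.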
