Configuring a vCenter Single Sign On Identity Source using LDAP with SSL (LDAPS) (2041378)

Purpose

This article provides steps to configure an Identity Source in vCenter Single Sign On to use a secured LDAP over SSL (LDAPS) connection. This is appropriate in secure environments to encrypt all LDAP traffic between vCenter Server and the authorizing Identity Source.

Caution: This article is a general how-to guide. Consult with the Directory Administrators in your organization for specific procedures.

Resolution

To configure an Identity Source in vCenter Single Sign On to use a secured LDAPS:
  1. Log in to a Domain Controller on the domain.
  2. Click Start, type mmc, and click OK.
  3. Click File > Add/Remove Snap-in.
  4. Click Certificates > Add.
  5. Select Computer account and click Next.
  6. If you are working at the LDAP server requiring the certificate, select Local. Otherwise, select Another computer and click Browse to locate the LDAP server requiring the certificate.
  7. When you have the correct computer selected, click OK > Finish.
  8. In Add or Remove Snap-ins, click OK.
  9. In the console tree, expand Certificates (<computer>).
  10. In the certificates console of a computer that contains a certificate that can be used for Server Authentication, right-click the certificate, click All Tasks > Export.
  11. On the Certificate Export Wizard welcome screen, click Next.
  12. On the Export Private Key screen, select No, do not export the private key and click Next.
  13. On the Export File Format screen, select Base-64 encoded X.509 (.CER) and click Next.
  14. On the File to Export screen, choose a name and location to save the certificate and click Next.
  15. Click Finish to save the certificate file.
  16. Log in to the vSphere Web Client using a Single Sign On Administrator. The default account is admin@System-Domain.
  17. Click Administration.
  18. Under the Sign On and Discovery section, click Configuration, then click the green Add Identity Source option at the top.
  19. Enter the required information in the Add Identity Source wizard. When completed, click Choose Certificate and browse to the location of the Certificate you saved previously.
  20. You receive a confirmation message when you have imported the certificate successfully. Click OK to close the dialog and OK again to finalize adding the new identity source.
  21. If you want to include this new Identity Source in the Default Domains, select the Identity Source from the list and click Add to Default Domains icon.
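Steps 1 through 15 above are a manual MMC walkthrough. The following PowerShell script is an added example, not part of this VMware article, that performs the same export on the Domain Controller and adds a check a practitioner would want before importing the file into Single Sign On: it confirms that the certificate chosen from the computer's Personal store is the one the Domain Controller actually presents on TCP 636, because a store can hold several Server Authentication certificates and exporting the wrong one will cause the LDAPS identity source to fail certificate validation. The DC name and output path are placeholders to adjust for your environment.

```powershell
# Added example (not from the VMware KB article): PowerShell equivalent of steps 1-15,
# run on the Domain Controller itself. $DcFqdn and $OutFile are placeholders.
$DcFqdn  = 'dc01.example.com'          # placeholder: the LDAPS server SSO will connect to
$OutFile = 'C:\Temp\dc01-ldaps.cer'    # placeholder: where the Base-64 .CER will be written

$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Enhanced Key Usage OID for Server Authentication

# 1) Find unexpired certificates in the computer's Personal store (Certificates > Personal
#    in the MMC) that carry the Server Authentication EKU. Several may exist; the one
#    expiring last is chosen as the candidate.
$candidates = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.EnhancedKeyUsageList.ObjectId -contains $ServerAuthOid } |
    Where-Object { $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending

if (-not $candidates) {
    throw 'No valid Server Authentication certificate found in Cert:\LocalMachine\My on this host.'
}
$cert = $candidates | Select-Object -First 1

# 2) Confirm the candidate is really the certificate served on port 636 before exporting it.
#    The validation callback returns $true only so the remote certificate can be read;
#    the real check is the thumbprint comparison that follows.
$callback = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
$tcp = New-Object System.Net.Sockets.TcpClient($DcFqdn, 636)
$ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
$ssl.AuthenticateAsClient($DcFqdn)
$served = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
$ssl.Dispose(); $tcp.Dispose()

if ($served.Thumbprint -ne $cert.Thumbprint) {
    throw "Store certificate $($cert.Thumbprint) differs from the one served on ${DcFqdn}:636 ($($served.Thumbprint)). Export the served certificate instead."
}

# 3) Export the public certificate only. X509ContentType::Cert never includes the private
#    key (step 12), and the PEM armor around the Base-64 body matches the
#    "Base-64 encoded X.509 (.CER)" format selected in step 13.
$der = $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
$pem = "-----BEGIN CERTIFICATE-----`r`n" +
       [Convert]::ToBase64String($der, [System.Base64FormattingOptions]::InsertLineBreaks) +
       "`r`n-----END CERTIFICATE-----"
Set-Content -Path $OutFile -Value $pem -Encoding Ascii

Write-Host "Exported $($cert.Subject) (thumbprint $($cert.Thumbprint), expires $($cert.NotAfter)) to $OutFile"
```

The file written to `$OutFile` is what step 19's Choose Certificate dialog expects. If the thumbprint check fails, the Domain Controller is serving a different certificate than the one you were about to export (for example an older one still in the store); export the served one, or fix the server-side binding per the Microsoft LDAPS article referenced below, before adding the identity source.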

Additional Information

The steps in this article assume that the Domain Controller in question has a valid certificate available for export for Server Authentication. If it is not available in the Personal > Certificates tab, you need to start by making that certificate available.

For information on configuring the LDAP server to use SSL, see the Microsoft article LDAP over SSL (LDAPS) Certificate.