Configuring a vCenter Single Sign On Identity Source using LDAP with SSL (LDAPS) (2041378)
Caution: This article is a general how-to guide. Consult the Directory Administrators in your organization for specific procedures.
To configure an Identity Source in vCenter Single Sign On to use secured LDAP (LDAPS):
- Log in to a Domain Controller on the domain.
- Click Start, type mmc, and click OK.
- Click File > Add/Remove Snap-in.
- Click Certificates > Add.
- Select Computer account and click Next.
- If you are working at the LDAP server requiring the certificate, select Local. Otherwise, select Another computer and click Browse to locate the LDAP server requiring the certificate.
- When you have the correct computer selected, click OK > Finish.
- In Add or Remove Snap-ins, click OK.
- In the console tree, expand Certificates (<computer>).
- In the certificates console of a computer that contains a certificate that can be used for Server Authentication, right-click the certificate, click All Tasks > Export.
- On the Certificate Export Wizard welcome screen, click Next.
- On the Export Private Key screen, select No, do not export the private key and click Next.
- On the Export File Format screen, select Base-64 encoded X.509 (.CER) and click Next.
- On the File to Export screen, choose a name and location to save the certificate and click Next.
- Click Finish to save the certificate file.
- Log in to the vSphere Web Client as a Single Sign On administrator. The default account is admin@System-Domain.
- Click Administration.
- Under the Sign On and Discovery section, click Configuration, then click the green Add Identity Source option at the top.
- Enter the required information in the Add Identity Source wizard. When completed, click Choose Certificate and browse to the location of the Certificate you saved previously.
- You receive a confirmation message when you have imported the certificate successfully. Click OK to close the dialog and OK again to finalize adding the new identity source.
- If you want to include this new Identity Source in the Default Domains, select the Identity Source from the list and click the Add to Default Domains icon.
For information on configuring the LDAP server to use SSL, see the Microsoft article LDAP over SSL (LDAPS) Certificate.
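The following PowerShell check is an added example, not part of the VMware article. It inspects the exported file before you select it with Choose Certificate: the file must be Base-64 encoded X.509, contain no private key, be within its validity period, and allow Server Authentication. The function name `Test-LdapsCertExport` and the sample path are assumptions.

```powershell
# Added example: Test-LdapsCertExport is a hypothetical helper, not a VMware or Microsoft cmdlet.
function Test-LdapsCertExport {
    param([Parameter(Mandatory)][string]$Path)
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
    $fullPath = (Resolve-Path -LiteralPath $Path -ErrorAction Stop).Path
    $text     = Get-Content -LiteralPath $fullPath -Raw
    $problems = @()

    # Only the public certificate should leave the domain controller.
    if ($text -match 'PRIVATE KEY') {
        $problems += 'File contains a private key block; export again without the private key.'
    }
    # A Base-64 X.509 export is text with a BEGIN CERTIFICATE header; DER is binary.
    if ($text -notmatch '-----BEGIN CERTIFICATE-----') {
        $problems += 'File is not Base-64 encoded X.509.'
    }

    try {
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $fullPath
    } catch {
        $problems += "File does not parse as a certificate: $($_.Exception.Message)"
        return [pscustomobject]@{ Path = $fullPath; Problems = $problems }
    }

    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        $problems += "Outside validity period ($($cert.NotBefore) to $($cert.NotAfter))."
    }

    # With no EKU extension the certificate is not restricted to particular purposes.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $serverAuth = -not $eku -or
        @($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $serverAuthOid }).Count -gt 0
    if (-not $serverAuth) { $problems += 'EKU does not include Server Authentication.' }

    [pscustomobject]@{
        Path       = $fullPath
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        ServerAuth = $serverAuth
        Problems   = $problems
    }
}

# Constructed sample path; use the file saved in the export step.
$sample = 'C:\Temp\dc01-ldaps.cer'
if (Test-Path -LiteralPath $sample) { Test-LdapsCertExport -Path $sample | Format-List }
```

An empty `Problems` list means the file passed these checks. Compare the reported thumbprint with the certificate shown in the Certificates snap-in to confirm you exported the intended one.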