Lexmark X782e PKI-Enabled Pre-Installation Guide - Page 37

LDAP Directory Information, 5 Domain Controller Certificates

Get Lexmark X782e PDF manuals and user guides View all Lexmark X782e manuals
Add to My Manuals
Save this manual to your list of manuals

Page 37 highlights

PKI Pre-Installation Guide mil = #####_DOMAIN.NAME.MIL_##### If this configuration file is needed, use the above template to create the file and have it ready at install time. 7.4 LDAP Directory Information Possible LDAP directories to use can be supplied by the Window Administrator. The Administrator will also have to determine the access rights: Anonymous, User's Credentials, or Service Account. The administrator may also be able to specify if SSL is required to be used. A useful tool for browsing the LDAP directory is found at http://www.ldapbrowser.com. The standard version, not the administrator version, browser can be used. Microsoft supplies an LDP.EXE LDAP browser in some of their toolkits and support tools. LDP may already be loaded on a workstation. LDP has a less friendly user interface than the one provided by ldapbrowser.com. Once the LDAP browser is available, the LDAP directory can be examined for the different data needed by the PKI applications. 7.5 Domain Controller Certificates The local administrator should know how to obtain the certificates for the domain controller; they can typically be downloaded from an internal website. If this is not available, the certificates can also be located in the Windows workstation's certificate cache which can be examined using Internet Explorer. In Internet Explorer version 6 or 7, the cache can be accessed in IE by going to: Tools | Internet Options | Content | Certificates. Select the Intermediate Certification Authorities tab or the Trusted Root Certification Authorities tab. Find the certificate in the list; highlight it, and the click Export. For the format, choose Base-64 encoded X.509. Repeat this for each certificate that is needed. When finished, combine all the single text files into one text file, such as: -----BEGIN CERTIFICATE----MIIE1jCCA76gAwIBAgIQY6sV0KL3tIhBtlr4gHG85zANBgkqhkiG9w0BAQUFADBs ... l3DTbPe0mnIbTq0iWqKEaVne1vvaDt52iSpEQyevwgUcHD16rFy+sOnCaQ== -----END CERTIFICATE---------BEGIN CERTIFICATE----MIIE1zCCA7+gAwIBAgIQZWAEBZ+h+L5AKmbyl9hgSzANBgkqhkiG9w0BAQUFADBn ... l3DTbPe0mnIbTq0iWqKEaVne1vvaDt52iSpEQyevwgUcHD16rFy+sOnCaQ== -----END CERTIFICATE----- Save this file and have it ready at install time. Version 2.0.0 Page 33

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
PKI Pre-Installation Guide
Version 2.0.0
Page 33
mil = #####_DOMAIN.NAME.MIL_#####
If this configuration file is needed, use the above template to create the file and have it ready at
install time.
7.4 LDAP Directory Information
Possible LDAP directories to use can be supplied by the Window Administrator.
The
Administrator will also have to determine the access rights: Anonymous, User’s Credentials, or
Service Account.
The administrator may also be able to specify if SSL is required to be used.
A useful tool for browsing the LDAP directory is found at
.
The
standard version, not the administrator version, browser can be used.
Microsoft supplies an
LDP.EXE LDAP browser in some of their toolkits and support tools.
LDP may already be
loaded on a workstation.
LDP has a less friendly user interface than the one provided by
ldapbrowser.com.
Once the LDAP browser is available, the LDAP directory can be examined for the different data
needed by the PKI applications.
7.5 Domain Controller Certificates
The local administrator should know how to obtain the certificates for the domain controller;
they can typically be downloaded from an internal website.
If this is not available, the
certificates can also be located in the Windows workstation’s certificate cache which can be
examined using Internet Explorer.
In Internet Explorer version 6 or 7, the cache can be accessed in IE by going to:
Tools | Internet
Options | Content | Certificates.
Select the Intermediate Certification Authorities tab or the Trusted Root Certification Authorities
tab.
Find the certificate in the list; highlight it, and the click Export.
For the format, choose
Base-64 encoded X.509.
Repeat this for each certificate that is needed.
When finished,
combine all the single text files into one text file, such as:
-----BEGIN CERTIFICATE-----
MIIE1jCCA76gAwIBAgIQY6sV0KL3tIhBtlr4gHG85zANBgkqhkiG9w0BAQUFADBs
l3DTbPe0mnIbTq0iWqKEaVne1vvaDt52iSpEQyevwgUcHD16rFy+sOnCaQ==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgIQZWAEBZ+h+L5AKmbyl9hgSzANBgkqhkiG9w0BAQUFADBn
l3DTbPe0mnIbTq0iWqKEaVne1vvaDt52iSpEQyevwgUcHD16rFy+sOnCaQ==
-----END CERTIFICATE-----
Save this file and have it ready at install time.