{"id":201,"date":"2025-12-02T15:33:40","date_gmt":"2025-12-02T14:33:40","guid":{"rendered":"https:\/\/blog.wijsnet.com\/?p=201"},"modified":"2025-12-02T15:33:40","modified_gmt":"2025-12-02T14:33:40","slug":"how-to-create-and-install-a-self-signed-certificate-on-a-windows-2016-active-directory-server-to-enable-ldaps","status":"publish","type":"post","link":"https:\/\/blog.wijsnet.com\/index.php\/2025\/12\/02\/how-to-create-and-install-a-self-signed-certificate-on-a-windows-2016-active-directory-server-to-enable-ldaps\/","title":{"rendered":"How to create and install a self-signed certificate on a Windows 2016 Active Directory server to enable LDAPS"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\"><strong>Steps to create a self-signed certificate:<\/strong><\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Launch Windows PowerShell on the domain controller as an administrator.<\/li>\n\n\n\n<li>Generate a self-signed certificate by running the following commands: <code>$domain_name = $env:userdnsdomain;<\/code> <code>$dns_name = $env:computername + '.' + $domain_name;<br><br>$date_now = Get-Date;<br><br>$extended_date = $date_now.AddYears(3);<\/code> <code>$mycert=New-SelfSignedCertificate -DnsName $dns_name -CertStoreLocation cert:\/LocalMachine\/My -NotAfter $extended_date;<\/code><br><br>The <code>$mycert<\/code> object contains the generated self-signed certificate, which is stored in the system certificate store at the location given by <code>-CertStoreLocation<\/code>.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">Steps to install the self-signed certificate on your Active Directory server to enable LDAPS:<\/h2>\n\n\n\n<p>NOTE: This is an example of one method to carry out this procedure. It is recommended to consult with your system administrator or verify with your Active Directory documentation before proceeding. 
Please consult Microsoft documentation for specific requirements around certificates. Please consult <a target=\"_blank\" href=\"http:\/\/help.teradici.com\/\" rel=\"noreferrer noopener\">Teradici documentation<\/a> for information on what is supported by Teradici products.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Launch Windows PowerShell on the domain controller as an administrator.<\/li>\n\n\n\n<li>Run the following commands to install your certificate and configure LDAPS:<\/li>\n<\/ol>\n\n\n\n<p><code>$thumbprint=($mycert.Thumbprint | Out-String).Trim();<\/code><\/p>\n\n\n\n<p><code>$certStoreLoc='HKLM:\/Software\/Microsoft\/Cryptography\/Services\/<strong>NTDS<\/strong>\/SystemCertificates\/My\/Certificates';<\/code><\/p>\n\n\n\n<p><code>if (!(Test-Path $certStoreLoc)){New-Item $certStoreLoc -Force;};<\/code><\/p>\n\n\n\n<p><code>Copy-Item -Path HKLM:\/Software\/Microsoft\/SystemCertificates\/My\/Certificates\/$thumbprint -Destination $certStoreLoc;<\/code><\/p>\n\n\n\n<p>NOTE: The default Active Directory Service instance is NTDS. If your service instance is not the default, change NTDS to your service instance name.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Steps to create a self-signed certificate: Steps to install the self-signed certificate on your Active Directory server to enable LDAPS: NOTE:&nbsp;This is an example of one method to carry out this procedure. 
It is recommended to&nbsp;consult with your<\/p>\n<div class=\"entry-read-more\"><a class=\"read-more-link\" href=\"https:\/\/blog.wijsnet.com\/index.php\/2025\/12\/02\/how-to-create-and-install-a-self-signed-certificate-on-a-windows-2016-active-directory-server-to-enable-ldaps\/\">Read More<span class=\"cleanwp-sr-only\">  How to create and install a self-signed certificate on a Windows 2016 Active Directory server to enable LDAPS<\/span><\/a><\/div>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-201","post","type-post","status-publish","format-standard","hentry","category-uncategorized","wpcat-1-id"],"_links":{"self":[{"href":"https:\/\/blog.wijsnet.com\/index.php\/wp-json\/wp\/v2\/posts\/201","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.wijsnet.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.wijsnet.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.wijsnet.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.wijsnet.com\/index.php\/wp-json\/wp\/v2\/comments?post=201"}],"version-history":[{"count":1,"href":"https:\/\/blog.wijsnet.com\/index.php\/wp-json\/wp\/v2\/posts\/201\/revisions"}],"predecessor-version":[{"id":202,"href":"https:\/\/blog.wijsnet.com\/index.php\/wp-json\/wp\/v2\/posts\/201\/revisions\/202"}],"wp:attachment":[{"href":"https:\/\/blog.wijsnet.com\/index.php\/wp-json\/wp\/v2\/media?parent=201"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.wijsnet.com\/index.php\/wp-json\/wp\/v2\/categories?post=201"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.wijsnet.com\/index.php\/wp-json\/wp\/v2\/tags?post=201"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}