Monthly Archives: August 2013

Installing Certificate Services, and configuring LDAPS on a SonicWALL

Assumptions: SonicOS 5.8+ and Windows Server 2008 R2 Enterprise running as a domain controller.

  1. On the Domain Controller: Open “Server Manager”, click “Roles”, click “Add Roles”.
  2. Click “Next >”, ensure there is a check mark next to “Active Directory Certificate Services”, and click “Next >” twice, then:
     - Ensure there is a check mark in the boxes “Certification Authority”, “Certification Authority Web Enrollment”, and “Online Responder” (“Certification Authority Web Enrollment” and “Online Responder” are not technically needed, but are common parts of a CA infrastructure that should also be installed if you are installing a CA), then click “Next >”.
     - Approve the installation of the IIS components that are required to run Web Enrollment.
     - Select the “Enterprise” radio button and click “Next >”.
     - Select the “Root CA” radio button and click “Next >”.
     - Select the “Create a new private key” radio button and click “Next >”.
     - Select “RSA#Microsoft Software Key Storage Provider”, “4096”, and “SHA512” from the drop-down boxes, then click “Next >”.
     - Edit the Common Name for the CA if desired, then click “Next >”.
     - Change the validity period if desired, then click “Next >”.
     - Click “Next >” to leave the database in its default location, then click “Next >” to install IIS.
     - Leave the default IIS installation options checked and click “Next >”, click “Install”, then click “Close”.
  3. From the Domain Controller, open Internet Explorer and go to http://127.0.0.1/certsrv; when prompted, log in with the Domain Administrator account.
  4. Click the link “Download a CA Certificate, certificate chain, or CRL”.
  5. Select the certificate with the common name from step 2, and then ensure the radio button “DER” is selected, click “Download CA Certificate”.
  6. Rename this certificate to match that of the common name and save it on the desktop.
  7. Log in to the SonicWALL.
  8. Expand “System” from the left hand pane, and then click “Certificates”.
  9. Click “Import…” at the bottom.
  10. Select the radio button “Import a CA certificate from a PKCS#7 (.p7b), PEM (.pem), or DER (.der or .cer) encoded file.”, then click “Browse…”. Select the certificate with the common name that you set in step 2, click “Open”, then click “Import”.
  11. Expand “Users” from the left hand pane of the SonicWALL, click “Settings”.
  12. Change the drop-down box titled “Authentication method for login:” to “LDAP + Local Users”.
  13. Ensure that the check box “Case-sensitive user names” is unchecked.
  14. Click “Accept” at the top.
  15. Click the “Configure…” button next to the “Authentication method for login:” drop-down box.
  16. On the “Settings” tab, enter the IP address of the Domain Controller in the box titled “Name or IP Address:”, change “Port Number:” to “636”, and change the radio button selection to “Give login name/location in tree”. Enter an Active Directory user account (a service account with “Domain Guests” group membership will suffice) in the “Login user name:” field, enter the password for the account in the “Login password:” field, and uncheck “require valid certificate from server”.
  17. On the “Directory” tab, enter the DNS Active Directory domain name in the “Primary Domain:” field, change “User tree for login to server:” to the full path of where the service account (used on the Settings tab) is located in Active Directory (spaces are okay), and click “Apply”.
  18. Click “Auto-Configure” to test the connection and populate the list of directories (OUs) in AD that contain users or groups.

As long as your list populated with OUs, you should be good; this is everything you need to do to secure the connection between your SonicWALL and your domain controller. One caveat: with “require valid certificate from server” unchecked (step 16), the SonicWALL encrypts the LDAP session but does not check the domain controller's certificate against the CA you imported in step 10, so anything that can answer on port 636 could stand in for the DC. Once Auto-Configure succeeds, re-enable that option; if validation then fails, the usual cause is that the name you entered on the Settings tab (an IP address in step 16) does not match the name in the domain controller's certificate, which is issued to its FQDN.
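To confirm what the procedure above actually produced before turning certificate validation on, the following PowerShell script (added here as an example; it is not part of the original post and not SonicWALL or Microsoft code) connects to the domain controller on TCP 636, completes the TLS handshake, and checks that the certificate the DC presents chains to the CA certificate downloaded in step 5, carries the Server Authentication EKU that LDAPS requires, and names the host you intend to enter in “Name or IP Address:”. The DC FQDN and the path to the .cer file are placeholders; it runs on PowerShell 2.0 or later from any domain-joined Windows machine.

```powershell
# Added example: LDAPS pre-flight check for the DC configured above.
# Not from the original post. $DcHost and $CaCerPath are placeholders to replace.
param(
    [string]$DcHost    = "dc01.corp.example",                # placeholder: your DC's FQDN
    [int]   $Port      = 636,                                # LDAPS port entered in step 16
    [string]$CaCerPath = "$env:USERPROFILE\Desktop\CA.cer"   # placeholder: the DER file from step 6
)

# 1. TLS handshake against the DC. Certificate validation is deferred to our own
#    chain build below so that a failure can be reported together with its reason.
$acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ param($s, $c, $ch, $e) $true }
$tcp = New-Object System.Net.Sockets.TcpClient($DcHost, $Port)
$ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
try {
    $ssl.AuthenticateAsClient($DcHost)
    $protocol = $ssl.SslProtocol
    $cipher   = "{0} {1}-bit" -f $ssl.CipherAlgorithm, $ssl.CipherStrength
    $remote   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
} finally {
    $ssl.Dispose()
    $tcp.Close()
}

# 2. Does the presented certificate chain up to the CA downloaded in step 5?
#    Revocation checking is skipped here; it is not what this check is about.
$ca    = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CaCerPath)
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$chain.ChainPolicy.ExtraStore.Add($ca) | Out-Null
$built      = $chain.Build($remote)
$root       = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
$chainsToCa = ($root.Thumbprint -eq $ca.Thumbprint)
$status     = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ", "

# 3. LDAPS on a domain controller requires the Server Authentication EKU (1.3.6.1.5.5.7.3.1).
$hasServerAuth = $false
foreach ($ext in $remote.Extensions) {
    if ($ext.Oid.Value -eq "2.5.29.37") {
        foreach ($oid in $ext.EnhancedKeyUsages) {
            if ($oid.Value -eq "1.3.6.1.5.5.7.3.1") { $hasServerAuth = $true }
        }
    }
}

# 4. Name match: the SonicWALL connects to whatever is typed in "Name or IP Address:",
#    so that value must appear in the certificate (DC certificates name the FQDN).
$dnsName = $remote.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::DnsName, $false)
$sanText = ""
foreach ($ext in $remote.Extensions) {
    if ($ext.Oid.Value -eq "2.5.29.17") { $sanText = $ext.Format($false) }   # Subject Alternative Name
}
$nameMatches = ($dnsName -ieq $DcHost) -or ($sanText -imatch ("\b" + [regex]::Escape($DcHost) + "\b"))

# 5. Report.
"DC            : {0}:{1}" -f $DcHost, $Port
"TLS           : {0}, {1}" -f $protocol, $cipher
"Subject       : {0}" -f $remote.Subject
"Issuer        : {0}" -f $remote.Issuer
"Valid         : {0} to {1}" -f $remote.NotBefore, $remote.NotAfter
"Chains to CA  : {0}  (chain built={1}; status={2})" -f $chainsToCa, $built, $status
"Server Auth   : {0}" -f $hasServerAuth
"Name matches  : {0}  (DNS name in certificate: {1})" -f $nameMatches, $dnsName

if ($chainsToCa -and $hasServerAuth -and $nameMatches) {
    "OK: the SonicWALL can be set to require a valid certificate from this server."
    exit 0
} else {
    "FAIL: fix the items above before enabling 'require valid certificate from server'."
    exit 1
}
```

Run it with the FQDN you plan to put on the SonicWALL, not the IP address: if “Name matches” comes back False for the IP but True for the FQDN, that is the mismatch that makes validation fail once “require valid certificate from server” is checked. “Chains to CA” compares the thumbprint of the top of the built chain with the thumbprint of the .cer file, which is exactly the relationship the SonicWALL relies on after step 10; “chain built” will be False on a machine that does not yet trust the new root, which is expected on a non-domain host and harmless for this check.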