@JaredBusch said in Create Internal CA for Windows LDAPs and Linux apps:

@pmoncho said in Create Internal CA for Windows LDAPs and Linux apps:

When I export the key, I want to export the private key as well?

That depends. If you are only ever going to have devices using the key to auth against the DC that you created it on, then no.

But if you need to install the cert on a device and then have another device auth to that first device, then that first device needs the private key.

Thank you for the explanation.

Had this error after installing a new commercial certificate. The error seems valid as my server hostname and certificate name do not match, but it is my understanding this name mismatch is allowed and should still work.

To resolve this I just ran these two commands as Zimbra user.
zmlocalconfig -e ldap_starttls_required=false
zmlocalconfig -e ldap_starttls_supported=0

I am slightly concerned as to the security implications of disabling these settings. I am still on ldap not ldaps and this is on CentOS 7.

Radius
https://blog.ubnt.com/2016/11/04/managing-radius-authentication-unifi/
http://www.petenetlive.com/KB/Article/0000685
http://thesolving.com/server-room/configure-radius-server-windows-authenticate-cisco-vpn-users/

For LDAPS see below:
http://www.petenetlive.com/KB/Article/0000962
https://www.petri.com/enable-secure-ldap-windows-server-2008-2012-dc