SSL and Active Directory (LDAPS)

I needed to set up secure LDAP for my lab and was not sure how to do it. I did not want to purchase a certificate, and I did not want to have to install a Windows CA either.

I found a self-signed SSL certificate generator in the IIS 6.0 Resource Kit called selfSSL.

With selfSSL I was able to create a self-signed certificate.

1) Run selfSSL. Make sure the CN is the fully qualified hostname (e.g. mydc.putyourdomainhere.com). The default validity period is short, so I used a year. I took the defaults for the rest of the settings.

2) Start the Certificates MMC snap-in (for the computer account) and copy the certificate from the Personal store into the Trusted Root Certification Authorities store.

3) Start the Internet Services Manager snap-in and remove SSL from the Default Web Site (optional).

4) Reboot.


That's it! I tested it with LDP and it showed an SSL connection.
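As an added check that is not part of the original post, the PowerShell below connects to the DC's LDAPS listener after the reboot and reports whether the presented certificate meets what steps 1 and 2 require: the name matches the FQDN, the validity period has not run out, and the machine running the check trusts the chain. `$DcFqdn` is a placeholder for your own DC name; run it from a domain member rather than the DC itself so you are testing what clients will see.

```powershell
# Added example (not from the original post). Assumes $DcFqdn is your DC's FQDN
# and that LDAPS is listening on 636 after the reboot in step 4.
param(
    [string]$DcFqdn = 'mydc.putyourdomainhere.com',   # placeholder, same name used as CN in step 1
    [int]$Port = 636
)

# Record the chain/name policy errors instead of aborting the handshake,
# so the certificate can still be inspected when step 2 was skipped or done on the wrong store.
$global:LdapsPolicyErrors = $null
$callback = [System.Net.Security.RemoteCertificateValidationCallback]{
    param($sender, $certificate, $chain, $sslPolicyErrors)
    $global:LdapsPolicyErrors = $sslPolicyErrors
    return $true
}

$tcp = New-Object System.Net.Sockets.TcpClient($DcFqdn, $Port)
$ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
try {
    # Target name must be the FQDN; an IP or short name here would always trip the name check.
    $ssl.AuthenticateAsClient($DcFqdn)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
}
finally {
    $ssl.Dispose()
    $tcp.Close()
}

# DnsName returns the SAN DNS entry if present, otherwise the subject CN (selfSSL sets only the CN).
$dnsName = $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::DnsName, $false)
$now = Get-Date

[pscustomobject]@{
    Subject        = $cert.Subject
    NameMatchesDc  = ($dnsName -ieq $DcFqdn)                       # step 1: CN = FQDN
    ValidFrom      = $cert.NotBefore
    ValidTo        = $cert.NotAfter
    CurrentlyValid = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
    DaysRemaining  = [int]($cert.NotAfter - $now).TotalDays       # watch this; selfSSL defaults are short
    SelfSigned     = ($cert.Subject -eq $cert.Issuer)
    Thumbprint     = $cert.Thumbprint
    PolicyErrors   = $global:LdapsPolicyErrors                     # step 2: 'None' means this machine trusts it
}
```

If `PolicyErrors` shows `RemoteCertificateChainErrors` on a client, that client does not yet have the self-signed certificate in its Trusted Root store; the reboot-time fix in step 2 only covers the DC.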
