I'm trying to secure our domain so when LDAP queries are made from another computer they are encrypted with SSL.
I followed this guide even though I am using Windows 2008 R2.
I added the Active Directory Certificate Services role with mostly default settings and made sure it's an Enterprise Root CA (as the guide suggests).
I log in to a Windows 7 computer (all firewalls disabled) and, using the Java-based app JXplorer (is there anything better?), do some LDAP queries (or try to, at least). The problem is I can't seem to connect to the server using anything but GSSAPI (I don't even know what that is); I tried other options but it doesn't connect.
The guide doesn't mention anything else other than installing CA on the server, I'm wondering if there are any other configurations that need to be performed in order to force SSL for LDAP queries.
Many thanks.
You never actually say you're running Active Directory on 2008 R2, but I'll assume that's the case.
First off, you do not need to install Certificate Services on your domain controller or make it a Certification Authority. Your DC just needs a single "valid" SSL certificate assigned to it that your LDAP client "trusts".
There are a variety of ways to get a certificate for your DC. Installing a Certification Authority (like AD Certificate Services) and using it to generate your "domain controller" certificate is one way, but not the only way. And it is generally considered unwise to make your domain controller the certification authority. Put it on a dedicated machine, instead.
You can also get a certificate from a third party CA just like you would for a web server. It's a little more complicated because a domain controller certificate has different attributes it needs in order to be "valid". Here's a link from Microsoft on the subject: How to enable LDAP over SSL with a third-party certification authority
Once you have your certificate installed and working on the DC, you should be able to point your LDAP client to port 636 or 3269 (for GC connection) and be good to go.
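As an added check that is not part of the answer above: the script below opens a TLS connection to port 636 (or 3269 for the GC), lets Python's default context verify the certificate chain and hostname, then sends a hand-encoded anonymous LDAPv3 BindRequest and decodes the BindResponse result code. The DC hostname and the CA file (the issuing CA's certificate in PEM form) are assumed to be supplied by the caller; the BER helpers are written here, not taken from any LDAP library.

```python
import socket
import ssl


def _ber_len(n):
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _ber(tag, payload):
    return bytes([tag]) + _ber_len(len(payload)) + payload


def _tlv(buf, pos=0):
    """Read one BER TLV at pos; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def bind_request(msg_id=1):
    """LDAPv3 anonymous simple BindRequest (empty DN, empty password), RFC 4511."""
    op = _ber(0x60, _ber(0x02, b"\x03") + _ber(0x04, b"") + _ber(0x80, b""))
    return _ber(0x30, _ber(0x02, bytes([msg_id])) + op)


def bind_result(resp):
    """Return (resultCode, diagnosticMessage) decoded from a BindResponse."""
    tag, msg, _ = _tlv(resp)              # outer LDAPMessage SEQUENCE
    if tag != 0x30:
        raise ValueError("not an LDAPMessage: tag 0x%02x" % tag)
    _, _, pos = _tlv(msg)                 # skip messageID
    tag, op, _ = _tlv(msg, pos)
    if tag != 0x61:                       # [APPLICATION 1] BindResponse
        raise ValueError("not a BindResponse: tag 0x%02x" % tag)
    _, code, pos = _tlv(op)               # resultCode ENUMERATED
    _, _, pos = _tlv(op, pos)             # matchedDN
    _, diag, _ = _tlv(op, pos)            # diagnosticMessage
    return int.from_bytes(code, "big"), diag.decode("utf-8", "replace")


def check_ldaps(host, port=636, cafile=None, timeout=5):
    """TLS-connect to the DC with chain and hostname verification, then bind anonymously."""
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED plus hostname check
    with socket.create_connection((host, port), timeout) as raw, \
            ctx.wrap_socket(raw, server_hostname=host) as tls:
        tls.sendall(bind_request())
        return tls.version(), bind_result(tls.recv(4096))


if __name__ == "__main__":
    import sys  # usage: check_ldaps.py dc01.example.com [ca.pem]
    print(check_ldaps(sys.argv[1], cafile=sys.argv[2] if len(sys.argv) > 2 else None))
```

A handshake failure here means the DC has no usable certificate or the client does not trust its issuer, which is the same reason a client such as JXplorer refuses to connect over SSL.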