Enabling LDAPS on Server 2008R2

[Beer4Me]

Does anyone have any experience enabling Secure LDAP/AD on Server 2008+ environment?
I'm having a hell of a time getting it to work.

Background: I set up an Openfire server that is using LDAP/AD for account mgmt and authentication. SSL is enabled on that server (Debian Squeeze) no issues. I need it to pass AD credentials back to my PDC over SSL (tcp 636), otherwise p/w are sent over plain text.

I've been using this tech art from MS http://support.microsoft.com/kb/321051, which worked, but then I had to re-build the certificates because I discovered that I had configured the Cert Services incorrectly upon role installation.

What I have:
PDC (Server 2008r2) > AD Cert Services configured as Standalone Root Authority
DC (Server 2008r2) > AD Cert Services configured as Standalone Subordinate

Both have their certs installed for each machine, and private keys issued. I then created an additional cert for each machine just for "server authentication" following the MSKB above and installed that.

Run ldp.exe and port 636 still can't connect. Ugh, extremely frustrating, I don't know why MS couldn't have made this process easier.
Any help is greatly appreciated.

 

[dphantom]

review this http://social.technet.microsoft.com/wiki/contents/articles/2980.aspx link. should give you everything you need. LDAPS is pretty straight forward unless you dink around with the CA and then it can get ugly cleaning things up.