Caveat:
This is not a guide to installing Windows Certificate Services. For a guide to doing that go to: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wcedsn40/html/cghowinstallingcertificateservicesiisiasonwindowsserver2003.asp
This document assumes familiarity with Windows systems admin tools, such as the Microsoft Management Console (MMC).
With the advent of Windows Server 2003 Service Pack 1, the cert services root cert is no longer needed to get this to work. Instead, you must obtain a copy of the Domain Controller certificate and refer to that on your *nix box.
To obtain a copy of this server certificate and the private key, open the Certificates MMC snap-in on a DC in your Windows domain that holds the global catalog, and choose 'computer account' and 'local computer'.









Now use openssl's pkcs12 tool to convert this file into PEM format. You will need the password you created in the wizard earlier, and you will then be asked to create a new password protecting the newly exported PEM file. For this example we have renamed the original file to testserver.pfx. Remember that this PKCS#12 file contains both the private key and the certificate, so we can use it for our OpenLDAP install to communicate via SSL, which is the only way to change account passwords (the unicodePwd attribute) in AD.
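One way to script the conversion described above (an added example, not part of the original guide). The function name `pfx_to_pem`, the `PFX_PASS`/`PEM_PASS` variables and the output file names are assumptions; only `testserver.pfx` comes from the text. It writes the certificate and the re-encrypted key to separate owner-only files and confirms that the two belong together.

```shell
#!/bin/sh
# Added example: convert an exported PKCS#12 file to PEM and sanity-check it.
# Hypothetical names: pfx_to_pem, PFX_PASS, PEM_PASS, *.crt.pem, *.key.pem.
#
# Usage: PFX_PASS='wizard password' PEM_PASS='new PEM password'
#        pfx_to_pem testserver.pfx ./ldap-tls
# Passwords travel via the environment (openssl "env:" source) so they
# do not show up in the process list or shell history as arguments.

pfx_to_pem() (
    # Subshell body: umask and variables do not leak into the caller.
    pfx=$1
    outdir=$2
    base=$(basename "$pfx" .pfx)
    crt="$outdir/$base.crt.pem"
    key="$outdir/$base.key.pem"

    [ -r "$pfx" ] || { echo "cannot read $pfx" >&2; exit 1; }
    [ -n "$PFX_PASS" ] && [ -n "$PEM_PASS" ] ||
        { echo "set PFX_PASS and PEM_PASS" >&2; exit 1; }
    export PFX_PASS PEM_PASS

    umask 077                      # new files are readable by the owner only
    mkdir -p "$outdir" || exit 1

    # Certificate only: this part is public.
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASS \
        -clcerts -nokeys -out "$crt" || exit 1

    # Private key only, re-encrypted under the new PEM password.
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASS \
        -nocerts -passout env:PEM_PASS -out "$key" || exit 1

    # The public key inside the certificate must equal the one derived
    # from the private key; otherwise the export picked up the wrong pair.
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey) || exit 1
    key_pub=$(openssl pkey -in "$key" -passin env:PEM_PASS -pubout) || exit 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "certificate and key do not match" >&2; exit 1; }

    echo "wrote $crt and $key"
)
```

With OpenSSL 3.x, a PFX exported by an older Windows release may use algorithms that are only available through the `-legacy` option of `openssl pkcs12`.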
