Re: AD & LDAPs

From: Dmitri Gavrilov [MSFT] (dmitrig_at_online.microsoft.com)
Date: 03/30/04


Date: Tue, 30 Mar 2004 11:31:54 -0800

Make sure the client trusts the cert. Add the CA cert to "trusted roots"
store. Also, make sure the cert is issued to the full dns name of the
machine, and you also have to connect to this full dns name.

-- 
Dmitri Gavrilov
SDE, Active Directory Core
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

"Rover" <bla@bla.com> wrote in message news:c4c38b$3th$1@news.cistron.nl...
> Hi,
>
> I'm trying to config ssl for ldap, because I want my self-made program to
> talk ldap over ssl.  We have a computer named froggy (cn=froggy ,
> dc=dfroggy, dc=qatesting, dc=nl) which is a Windows 2003 server with AD
> installed.  I've tried many things to get SSL to work, and finally (don't
> know how I did it) the ldp.exe program can make an ssl connect when I run
> ldp.exe on froggy itself.  However, when I try to create the same
> connection with ldp.exe from another computer, I get this error:
>
> ld = ldap_sslinit("froggy", 686, 1);
> Error <0x0> = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION,
> LDAP_VERSION3);
> Error <0x51> = ldap_connect(hLdap, NULL);
> Server error: <empty>
> Error <0x51>: Fail to connect to froggy.
>
>
> Error 0x51 is "server down" according to winldap.h.
>
> What am I missing here?   I've tried installing a certificate on my client
> machine by going to https://froggy:636 , and clicking "install cert." etc.,
> but I really don't know what I'm doing here :)  When I try a telnet to
> froggy:636 it gets a connection, but terminates when I hit a key (which I
> expected to happen, since a key hit is not ldap protocol :)). So, no
> firewall or whatever is in my way, so it seems. Also tried googling for
> answers, but just can't seem to find anything like a step by step config
> plan for server and client.
>
> Anyone know what to do?
>
> Thanks,
>
> JB de Rover
>
>
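
The two client-side conditions named in the reply (the issuing CA is trusted, and the certificate is issued to the same full DNS name the client connects to) can be checked separately, which the single 0x51 result does not do. The following is an added example, not part of the original thread; it uses Python's ssl module (OpenSSL) rather than winldap/Schannel, and the name froggy.dfroggy.qatesting.nl and SAMPLE_CERT are constructed from the DN in the question.

```python
import socket
import ssl

# OpenSSL X509 verify codes: 18/19 self-signed, 20/21 issuer not found.
UNTRUSTED = {18, 19, 20, 21}
NAME_MISMATCH = 62  # X509_V_ERR_HOSTNAME_MISMATCH

# Constructed sample in the shape returned by SSLSocket.getpeercert().
# The full DNS name is an assumption derived from the DN in the question.
SAMPLE_CERT = {"subject": ((("commonName", "froggy.dfroggy.qatesting.nl"),),)}

def cert_dns_names(cert):
    """DNS names a cert is issued to: SAN dNSName entries, else the subject CN."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return names

def name_matches(connect_name, cert):
    """True if the name the client connects to is one the cert was issued to."""
    host = connect_name.lower().rstrip(".")
    for pattern in cert_dns_names(cert):
        pattern = pattern.lower().rstrip(".")
        if pattern == host:
            return True
        # A wildcard is honoured only as the whole left-most label.
        if pattern.startswith("*.") and "." in host and host.split(".", 1)[1] == pattern[2:]:
            return True
    return False

def probe_ldaps(connect_name, port=636, cafile=None, timeout=5):
    """TLS handshake only (no LDAP bind); reports which condition fails."""
    ctx = ssl.create_default_context(cafile=cafile)  # cafile=None: system trust store
    try:
        with socket.create_connection((connect_name, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=connect_name) as tls:
                return "ok: chain trusted and name matches (%s)" % tls.version()
    except ssl.SSLCertVerificationError as e:
        if e.verify_code == NAME_MISMATCH:
            return "name mismatch: cert not issued to %r" % connect_name
        if e.verify_code in UNTRUSTED:
            return "untrusted: issuing CA not in the client's trust store"
        return "certificate rejected: %s" % e.verify_message
    except OSError as e:
        return "tcp/tls failure: %s" % e

if __name__ == "__main__":
    for name in ("froggy", "froggy.dfroggy.qatesting.nl"):
        print(name, name_matches(name, SAMPLE_CERT))
```

Run `probe_ldaps()` from the client machine with the same name the application passes to the LDAP library; pass `cafile` to test against an exported CA certificate before adding it to the trust store.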

