Re: ADAM SSL
From: CY (anonymous_at_discussions.microsoft.com)
Date: 05/13/04
- Next message: jrc: "RE: startup script"
- Previous message: CY: "Re: ADAM SSL"
- In reply to: Dmitri Gavrilov [MSFT]: "Re: ADAM SSL"
- Next in thread: Dmitri Gavrilov [MSFT]: "Re: ADAM SSL"
- Reply: Dmitri Gavrilov [MSFT]: "Re: ADAM SSL"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 13 May 2004 01:56:04 -0700
I tried giving full control for Everyone on my test ADAM server but still failed to connect.
This is the test certificate I imported into the Trusted root CA store on the client (a machine in the same domain). adam.domain.local is my ADAM server. Do you think this is a certificate issuing problem or an ADAM SSL problem?
================ Certificate 4 ================
Serial Number: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Issuer: CN=adam.domain.local, DC=DOMAIN, DC=local
Subject: CN=adam.domain.local, DC=DOMAIN, DC=local
Certificate Template Name: CA
CA Version: V0.0
Signature matches Public Key
Root Certificate: Subject matches Issuer
Template: CA, Root Certification Authority
Cert Hash(sha1): xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Key Container = adam.domain.local
Provider = Microsoft Strong Cryptographic Provider
Signature test passed
----- Dmitri Gavrilov [MSFT] wrote: -----
AD (lsass) and ADAM (dsamain) run under different service accounts usually.
You must make sure ADAM's service account has read access to the private key
corresponding to the cert. It is stored in a file in
c:\documents and settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys folder.
--
Dmitri Gavrilov
SDE, Active Directory Core
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
"CY" <cyli28@hotmail.com> wrote in message
news:#SU6E1wNEHA.3348@TK2MSFTNGP09.phx.gbl...
> Yes I have done that, gave full control to network service and administrator
> accounts. Still cannot figure out why I can connect to port 636 (which
> means no problem with the certificate right?) but not to 50001.
>
> "Lee Flight" <lef@le.ac.uk-nospam> wrote in message
> news:u66SO8mNEHA.3712@TK2MSFTNGP10.phx.gbl...
>> Have you checked the "start_here.htm" file that ships with ADAM in the
>> section on "Using SSL certificates with ADAM" it explains that permission
>> is required on the on-disk certificate store for the account running the
>> ADAM instance (service).
>>
>> Bear in mind the usual reservation over how wise it is to use a Domain
>> Controller for running other services (ADAM in this case).
>>
>> --
>> Lee Flight
>>
>> "CY" <cyli28@hotmail.com> wrote in message
>> news:u%23jUw5jNEHA.3476@TK2MSFTNGP09.phx.gbl...
>>> Hi,
>>> I am trying to connect to my ADAM instance running on a domain controller
>>> (ssl port 50001) using SSL. I have installed the certificate into local
>>> computer cert store. I can connect to default SSL port 636 at localhost but
>>> cannot connect to my instance's SSL port at 50001, see error below. I have
>>> checked that port 50001 is listening. How do I connect to the instance's
>>> SSL port?
>>>
>>> ld = ldap_sslinit("localhost", 50001, 1);
>>> Error <0x0> = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION,
>>> LDAP_VERSION3);
>>> Error <0x51> = ldap_connect(hLdap, NULL);
>>> Server error: <empty>
>>> Error <0x51>: Fail to connect to localhost.
>>>
>>> Thanks
>>> CY
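One way to run the check discussed in this thread (whether the account running the ADAM instance can read the private key file in MachineKeys), as an added example that is not part of the original posts. It assumes the certificate is in the local computer Personal store, that its key is held by a CSP (as with the Microsoft Strong Cryptographic Provider shown above), and that the instance runs as NETWORK SERVICE; the parameter names are hypothetical.

```powershell
# Added example (not from the thread). Assumptions: cert is in LocalMachine\My,
# its key is CSP-backed, and the ADAM instance runs as NETWORK SERVICE.
param(
    [Parameter(Mandatory = $true)] [string]$Thumbprint,
    [string]$ServiceAccount = 'NT AUTHORITY\NETWORK SERVICE',
    # Folder as quoted in the thread; on later Windows versions it is
    # %ProgramData%\Microsoft\Crypto\RSA\MachineKeys.
    [string]$KeyDir = 'C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys'
)

# Thumbprints copied from the certificate dialog often contain spaces.
$wanted = $Thumbprint -replace '\s', ''
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $wanted }
if (-not $cert) { throw "No certificate $wanted in LocalMachine\My" }
if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key on this machine' }

# For CSP keys the container's unique name is the file name under MachineKeys.
$container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
$keyFile = Join-Path $KeyDir $container
if (-not (Test-Path -LiteralPath $keyFile)) { throw "Key file not found: $keyFile" }

$acl = Get-Acl -LiteralPath $keyFile
$read = [System.Security.AccessControl.FileSystemRights]::Read

# Only ACEs naming the account directly are evaluated; rights granted through
# a group (for example Everyone) show up in the full listing printed below.
$aces = $acl.Access | Where-Object { $_.IdentityReference.Value -eq $ServiceAccount }
$allow = $aces | Where-Object {
    $_.AccessControlType -eq 'Allow' -and ($_.FileSystemRights -band $read) -eq $read
}
$deny = $aces | Where-Object {
    $_.AccessControlType -eq 'Deny' -and ($_.FileSystemRights -band $read) -ne 0
}

[pscustomobject]@{
    Subject        = $cert.Subject
    KeyFile        = $keyFile
    Owner          = $acl.Owner
    ServiceAccount = $ServiceAccount
    DirectReadAce  = [bool]$allow
    DenyAcePresent = [bool]$deny
}

# Full ACL for manual review of group-based access.
$acl.Access | Format-Table IdentityReference, AccessControlType, FileSystemRights -AutoSize
```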