Re: ADAM with ssl

From: Sumaira Ahmad (sumaira.ahmad_at_gmail.com)
Date: 10/08/04


Date: 8 Oct 2004 02:41:12 -0700

Hi Lee,
I was reading your chain of mails on this topic and the steps to be
carried out for the same as given below:

Using a certificate with an ADAM instance

(1) on the ADAM server look in:

c:\documents and settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys

and note what keys are there

Me: I did that

(2) on the ADAM server request and install a server certificate
 for use by ADAM in the Computer Personal certificate store or
 the ADAM Instance personal certificate store (preferred)
 Use the MMC Certificates snap-in to install the certificate.

 The cert needs to be issued to the FQDN of the machine, and it
 should be issued for Server Authentication.

Me: I used the test certificates that were shipped with WSE 2.0. The
certificates are issued to WSE2QuickStartServer. Will that work? If
not, can you please tell me how to obtain a certificate that is
issued to the FQDN of the machine (what does FQDN stand for :-)?). If
it's a domain, then I wanted to let you know that I am working on Win XP
Pro and my machine belongs to a workgroup and it is not part of any
domain.

(3) on the ADAM server look in:

c:\documents and settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys

and see what new key is there as a result of (2) and grant READ
permission on that key for the ADAM service account.

NOTE you need to set the permission on the key, the keys
in that folder do not inherit permissions

SA: I used the WSE Server private key and noticed the new key. But I
am not able to view the NETWORK SERVICE account when I do an add user in
the security tab of the properties for that key, or for any other key in
the MachineKeys folder. I try to add it, but it does not show up in the
options to select. Strangely, it does show up in the security properties
of every other folder, such as the MachineKeys folder itself. Any idea why
that is so?
So just confirming, I have to add the NETWORK SERVICE account because that
is the account under which the ADAM service is running?

(4) install or restart an ADAM instance on the server

SA: Did not get till here... :-)

Please advise,
Thanks,
Sumaira

"Lee Flight" <lef@le.ac.uk-nospam> wrote in message news:<#rLgdSjqEHA.4008@TK2MSFTNGP14.phx.gbl>...
> Here are some notes that might help, if not post back
> what problem you are having.
>
> Using a certificate with an ADAM instance
>
> (1) on the ADAM server look in:
>
> c:\documents and settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys
>
> and note what keys are there
>
> (2) on the ADAM server request and install a server certificate
> for use by ADAM in the Computer Personal certificate store or
> the ADAM Instance personal certificate store (preferred)
> Use the MMC Certificates snap-in to install the certificate.
>
> The cert needs to be issued to the FQDN of the machine, and it
> should be issued for Server Authentication.
>
> (3) on the ADAM server look in:
>
> c:\documents and settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys
>
> and see what new key is there as a result of (2) and grant READ
> permission on that key for the ADAM service account.
>
> NOTE you need to set the permission on the key, the keys
> in that folder do not inherit permissions
>
> (4) install or restart an ADAM instance on the server
>
> (5) On the ADAM server, run ldp.exe and Connect.
>
> In the server field: put the name of the ADAM server as it appears
> in the Issued To column of the Certificate MMC when you added the
> certificate
>
> In the Port Box put the port number for the ADAM instance
> SSL and check the SSL box.
>
> You should see an ldap_sslint connection initiate and
> hopefully connect.
>
> When you attempt to connect from a client other than
> the ADAM server itself (localhost) the client should
> specify the FQDN of the server that the server was
> issued to and the client must trust the Certificate
> Authority that issued the certificate.
>
> If the connection fails check the event log for the ADAM instance,
> the presence of Event Id: 1220
>
> Description:
> LDAP over Secure Sockets Layer (SSL) will be unavailable
> at this time because the server was unable to obtain a certificate.
>
> Indicates that the ADAM instance has not found a usable
> certificate, this is often due to permissions not being set [see
> step(3) above]
>
> Lee Flight
>
> "himanshu Khona" <himanshukhona@hotmail.com> wrote in message
> news:2d2501c4aa31$8a5a0010$a301280a@phx.gbl...
> > Anybody have any ideas how to configure ADAM with SSL?
> > I found a small note in FAQ but that didn't help much.
> > Himanshu
> >

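The server-side steps (2) to (4) and the connection check in step (5) above, as an added PowerShell example that is not from this thread or from Lee's notes. It assumes the ADAM instance runs as NT AUTHORITY\NETWORK SERVICE (Sumaira's guess above), that the private key is a CAPI (CSP) key stored as a file under MachineKeys, and that the service name, SSL port and instance event log name are placeholders to be replaced with the real values.

```powershell
# Added example, not part of the original thread. Finds the Server Authentication
# certificate issued to this machine's FQDN, grants the ADAM service account Read
# on its private key file (the MachineKeys files do not inherit folder ACLs),
# restarts the instance, then checks LDAPS the way ldp.exe would.
param(
    [string]$ServiceAccount = 'NT AUTHORITY\NETWORK SERVICE',          # assumption
    [string]$Fqdn           = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName,
    [string]$ServiceName    = 'ADAM_<instance>',                       # placeholder
    [int]   $SslPort        = 636,                                     # placeholder
    [string]$EventLogName   = 'ADAM (<instance>)'                      # placeholder
)

# Step (2) check: a cert in the computer Personal store, issued to the FQDN,
# valid for Server Authentication (EKU OID 1.3.6.1.5.5.7.3.1), with a private key.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object {
        $_.HasPrivateKey -and
        $_.Subject -match [regex]::Escape($Fqdn) -and
        ($_.EnhancedKeyUsageList.ObjectId -contains $serverAuthOid)
    } |
    Sort-Object NotAfter -Descending | Select-Object -First 1

if (-not $cert) {
    throw "No Server Authentication certificate for '$Fqdn' with a private key in LocalMachine\My."
}
Write-Host "Using certificate: $($cert.Subject) (thumbprint $($cert.Thumbprint))"

# Step (3): the CSP key container is a file in MachineKeys named after the container.
if (-not $cert.PrivateKey) {
    throw 'Private key is not a CAPI/CSP key; this script only handles MachineKeys files.'
}
$keyName = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
$keyDir  = Join-Path ([Environment]::GetFolderPath('CommonApplicationData')) 'Microsoft\Crypto\RSA\MachineKeys'
$keyPath = Join-Path $keyDir $keyName
if (-not (Test-Path $keyPath)) { throw "Key file not found: $keyPath" }

# Grant Read only: the service needs to read the key, not modify or delete it.
$acl  = Get-Acl -Path $keyPath
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($ServiceAccount, 'Read', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $keyPath -AclObject $acl
Write-Host "Granted Read on $keyPath to $ServiceAccount"

# Step (4): restart the instance so it re-reads the certificate store.
Restart-Service -Name $ServiceName

# Step (5): open an SSL connection as a client would. AuthenticateAsClient validates
# the chain, so this also fails if the issuing CA is not trusted on this machine.
function Test-LdapsCertificate {
    param([string]$HostName, [int]$Port)
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
        $ssl.AuthenticateAsClient($HostName)
        return $ssl.RemoteCertificate.Subject
    } finally {
        $tcp.Close()
    }
}

try {
    Write-Host "LDAPS handshake OK, server presented: $(Test-LdapsCertificate -HostName $Fqdn -Port $SslPort)"
} catch {
    Write-Warning "LDAPS handshake failed: $($_.Exception.Message)"
    # Event 1220 in the instance log means ADAM found no usable certificate (see step 3).
    Get-EventLog -LogName $EventLogName -Newest 50 |
        Where-Object { $_.EventID -eq 1220 } |
        Select-Object TimeGenerated, Message | Format-List
}
```

Run it elevated on the ADAM server after the certificate has been installed in the computer Personal store. If the handshake fails from a remote client but succeeds locally, the usual cause is the client not trusting the issuing CA, or the client connecting by a name other than the one in the certificate's Issued To field.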