Re: ADAM SSL
- From: Donté Henry <DontHenry@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 1 Dec 2005 20:11:02 -0800
Lee,
Thanks a lot for the troubleshooting suggestions. I ended up using the SSL
Diagnostics tool from Microsoft (SSLDiag.msi) which was helpful in isolating
the problem we were experiencing. As you suggested, the certificate we were
using did *not* have a valid private key. I executed the following command
to rebuild the private key:
certutil -repairstore my CertSerialNumber
Where "CertSerialNumber" is the serial number of the imported ADAM SSL
certificate (this can be found by executing the following command: certutil
-store my).
Once the private key was generated, I moved the certificate (using the
Certificates MMC snap-in) from the Local Computer personal store to the ADAM
Service personal store and restarted the ADAM service. SSL connections to
the ADAM directory instance worked perfectly.
Thanks again for your help!
Donté
"Lee Flight" wrote:
> Hi
>
> have you tried bumping the diagnostic logging of the Schannel
> security provider
>
> http://support.microsoft.com/?id=260729
>
> try setting the level to 0x7 and then attempt an LDAP/SSL connection.
>
> Also when you open the cert in the Certificates MMC does it show as
> valid, having a corresponding private key, valid cert path etc.,
>
> Lee Flight
>
>
>
> "Donté Henry" <DontHenry@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:5941DF26-924C-45EE-9D7F-AC7C4C12CB91@xxxxxxxxxxxxxxxx
> > All,
> >
> > -----------
> > LEE: Before you send the URL link to your Google Groups notes, PLEASE READ
> > THIS: Our ADAM service has been granted FULL ACCESS permissions to ALL
> > key
> > stores on the ADAM server. Your notes do not seem to address the problem
> > we're experiencing.
> > ------------
> >
> > I saw a previous post where Steven asked about setting up ADAM to use an
> > SSL
> > certificate. However, I didn't see any solution posted. Here's our
> > situation:
> >
> > We have installed a VeriSign cert. to enable ADAM to accept SSL
> > connections.
> > After installing the cert., verifying that it works with IIS, granting the
> > ADAM
> > service read permission to the key container, and moving the cert. to the
> > ADAM service store, we still get the following error when attempting to
> > establish an SSL connection to our ADAM directory:
> >
> > Event ID: 1220
> > Source: LDAP Interface
> >
> > "LDAP over Secure Sockets Layer (SSL) will be unavailable at this time
> > because the server was unable to obtain a certificate.
> >
> > Additional Data
> > Error value:
> > 8009030e No credentials are available in the security package"
> >
> > Is there an extra step required to enable ADAM to utilize the installed
> > certificate?
> >
> > Thanks for your help!
> >
>
>
>
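The checks raised in this thread (certificate valid, private key present, valid cert path), as an added PowerShell example that is not part of the original posts. It inspects the Local Computer personal store, that is, before the certificate is moved to the ADAM service store; the function name Test-LdapsCertCandidate is hypothetical.

```powershell
# Added example: pre-flight checks on certificates in Local Computer\Personal.
# Test-LdapsCertCandidate is a hypothetical helper name, not a built-in cmdlet.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

function Test-LdapsCertCandidate {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    $now = Get-Date

    # Collect EKU OIDs; a certificate without an EKU extension is not usage-restricted.
    $ekuExt = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $ekuOids = @($ekuExt | ForEach-Object { $_.EnhancedKeyUsages } |
                 ForEach-Object { $_.Value })
    $serverAuth = (-not $ekuExt) -or ($ekuOids -contains $serverAuthOid)

    # Build the chain without revocation lookups so the check also works offline.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $chainOk = $chain.Build($Cert)
    $chainStatus = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','

    [pscustomobject]@{
        Subject          = $Cert.Subject
        SerialNumber     = $Cert.SerialNumber   # value to pass to certutil -repairstore
        HasPrivateKey    = $Cert.HasPrivateKey  # False matches the failure in this thread
        InValidityPeriod = ($now -ge $Cert.NotBefore -and $now -le $Cert.NotAfter)
        ServerAuthEku    = $serverAuth
        ChainBuilds      = $chainOk
        ChainStatus      = $chainStatus
    }
}

# Report every certificate in the store; any False column needs attention
# before LDAP over SSL can be expected to work.
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-LdapsCertCandidate $_ } |
    Format-List
```

HasPrivateKey only shows that the store entry is associated with a key; whether the ADAM service account can read that key container is a separate permission check.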