Trying to connect to Active Directory via LDAPS
- From: Drown Alan <adrown@xxxxxxxxxxxx>
- Date: Tue, 21 Nov 2006 08:50:34 -0800
Hi all,
I have a need to connect securely to AD via LDAP.
My AD Server appears to have both a self-signed cert and a purchased cert
stored locally.
When I connect remotely to AD via 636 it fails because it can't verify the
cert; see below:
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: Error, self signed certificate
tls_write: want=7, written=7
0000: 15 03 01 00 02 02 30 ......0
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS: can't connect.
ldap_perror
ldap_bind: Can't contact LDAP server (-1)
additional info: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
When I look at my AD server's local certificates it has both the self-signed
and my 3rd party cert installed, but the one that AD is using for
connections on 636 appears to be the self-signed cert.
The 3rd party cert works fine for OWA and Outlook connections.
How do I get AD to use the 3rd party cert?
In an effort to force it to use the installed signed cert, I removed the
self-signed cert.
Now, when I connect via 636 it logs event 1220s in the Directory Server
event logs; see below:
LDAP over Secure Sockets Layer (SSL) will be unavailable at this time
because the server was unable to obtain a certificate.
Is it not possible to have AD use a 3rd party cert for SSL connections to
LDAP?
Did I just mess up my system?
Any help would be greatly appreciated.
TIA
Alan
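The failure above is a client-side trust problem: the DC is presenting a self-signed certificate, and the client has no CA it chains to. The following stdlib-only Python script is an added example for this thread (not the poster's code and not part of any Microsoft or OpenLDAP tooling): it reproduces the diagnosis from the quoted trace, shows how to tell a self-signed certificate from a CA-issued one by comparing subject and issuer, and, against a live host, retrieves the certificate the DC actually serves on 636 so an operator can confirm which one was selected. The host names, the sample certificate dicts and the sample trace text are constructed; the advice strings summarise the usual requirements for a DC to pick up a third-party certificate (computer Personal store, private key present, Server Authentication EKU, DC FQDN in the name).

```python
"""Stdlib-only LDAPS (TCP 636) certificate diagnosis for a domain controller.

Added example for this thread, not part of the original post. Host names,
the sample certificate dicts and the sample trace are constructed.
"""
import socket
import ssl
import sys

# Constructed sample: the verification lines quoted in the post above.
SAMPLE_TRACE = """TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: Error, self signed certificate
TLS trace: SSL3 alert write:fatal:unknown CA
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed"""

# Constructed certificate dicts in the shape SSLSocket.getpeercert() returns.
SELF_SIGNED_CERT = {
    "subject": ((("commonName", "dc01.example.test"),),),
    "issuer": ((("commonName", "dc01.example.test"),),),
}
CA_ISSUED_CERT = {
    "subject": ((("commonName", "dc01.example.test"),),),
    "issuer": ((("organizationName", "Example Public CA"),),
               (("commonName", "Example Public CA Issuing 1"),)),
}

ADVICE = {
    "self-signed": "The DC presented a self-signed certificate, so the client has no "
                   "trust anchor for it. Either the third-party certificate was not "
                   "selected by the DC (it must sit in the computer's Personal store with "
                   "its private key, carry the Server Authentication EKU and name the DC's "
                   "FQDN), or the self-signed certificate must be distributed to clients "
                   "as a trusted CA.",
    "untrusted-issuer": "The certificate chains to an issuer the client does not trust; "
                        "point the client at a CA bundle containing that issuer "
                        "(TLS_CACERT in ldap.conf for OpenLDAP clients).",
    "hostname-mismatch": "The certificate is trusted but does not name the host you "
                         "connected to; connect using the FQDN the certificate carries.",
    "expired": "The certificate's validity period has ended; renew it on the DC.",
    "unknown": "Unrecognised verification failure; dump the certificate and inspect "
               "it with openssl x509 -noout -subject -issuer -dates.",
}


def is_self_signed(cert):
    """True when a getpeercert()-style dict names itself as issuer (subject == issuer)."""
    return bool(cert) and cert.get("subject") == cert.get("issuer")


def classify_verify_error(message):
    """Map OpenSSL verification text (a trace or SSLCertVerificationError) to a cause.
    OpenSSL 1.x says 'self signed certificate', OpenSSL 3 says 'self-signed certificate'."""
    m = message.lower()
    if "self signed certificate" in m or "self-signed certificate" in m:
        return "self-signed"
    if "hostname mismatch" in m or "doesn't match" in m:
        return "hostname-mismatch"
    if "certificate has expired" in m:
        return "expired"
    if "unable to get local issuer certificate" in m or "unknown ca" in m:
        return "untrusted-issuer"
    return "unknown"


def explain(kind):
    """Operator-facing explanation for a classification from classify_verify_error()."""
    return ADVICE.get(kind, ADVICE["unknown"])


def probe_ldaps(host, port=636, cafile=None, timeout=5.0):
    """First pass: connect with full verification (optionally against a custom CA bundle).
    On failure, reconnect with verification disabled purely to fetch the certificate the
    DC served, so it can be compared with the one expected. Never bind over that socket."""
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return {"verified": True, "kind": "ok", "self_signed": is_self_signed(cert),
                        "subject": cert.get("subject"), "issuer": cert.get("issuer")}
    except ssl.SSLCertVerificationError as exc:
        kind = classify_verify_error(getattr(exc, "verify_message", "") or str(exc))
    insecure = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    insecure.check_hostname = False
    insecure.verify_mode = ssl.CERT_NONE  # inspection only; nothing is sent over this link
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with insecure.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
    return {"verified": False, "kind": kind, "advice": explain(kind),
            "pem": ssl.DER_cert_to_PEM_cert(der)}


if __name__ == "__main__":
    # Usage: python ldaps_probe.py dc01.example.test [ca-bundle.pem]
    target = sys.argv[1] if len(sys.argv) > 1 else "dc01.example.test"
    bundle = sys.argv[2] if len(sys.argv) > 2 else None
    print(probe_ldaps(target, cafile=bundle))
```

Run it against the DC's FQDN; when the first pass fails the returned `pem` is the certificate the DC is actually serving on 636, which can be fed to `openssl x509 -noout -subject -issuer` to confirm whether it is the self-signed one or the purchased one. The classification of the trace quoted in the post comes out as `self-signed`, which matches the `unknown CA` alert the client sent: the purchased certificate was not the one selected for LDAPS, so the fix is on the DC's certificate selection, not on the client.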