Re: ADAM & SSL connect over SSL



I just rebooted the client machine, that's why I think it's very
strange.
I installed a p7b certificate on the client machine in the current user
store in his root certificate authority store.
Do I have to install it in the local computer store in the root
certificate authority store?
Thanks,

Greg D

Joe Kaplan wrote:
You rebooted the client machine or the ADAM server (or are they the same)?
I'm not sure why the reboot would help, but it might have been needed on the
server for it to pick up the state change. Restarting the ADAM service
should probably have sufficed in that case though. I'm not really sure. :)

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"greg.drap" <gregory.draperi@xxxxxxxxx> wrote in message
news:1168450616.092760.227280@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi,

I put the EventLogging at 7 and I rebooted.
Now, it works but I don't know why.

When I put a certificate in the root CA certificate, do I have to
reboot?

It's very curious.

Thanks for your help

Greg Drap
Joe Kaplan wrote:
Another thing to check is to make sure the ADAM instance is actually able to
do the server side SSL stuff. It needs to have access to the private key of
the certificate and also trust the cert chain. There may be some errors
(Schannel in event log or possibly something in the ADAM event log, not
sure) on the server if that isn't working properly.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"greg.drap" <gregory.draperi@xxxxxxxxx> wrote in message
news:1168419534.166413.231210@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hello,
I installed the root CA certificate with http://localhost/certsrv and
I can see the certificate in the Trusted Root Certificate Authorities in
local computer. I'm trying to connect with ldp.exe to my ADAM and I have
this error message:

Error <0x51>: Fail to connect to CG69-SERVER.rhone.fr.
ld = ldap_sslinit("CG69-SERVER.rhone.Fr", 60000, 1);
Error 81 = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION, 3);
Error 81 = ldap_connect(hLdap, NULL);
Server error: <empty>

I checked for errors in the System event log but there is nothing.

Thanks for your help

Greg Drap

Joe Kaplan wrote:
Yep, also check for errors from Schannel in the System event log (on the
client) to get more debugging info as to why the remote client can't
connect.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Marc Lognoul" <MarcLognoul@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:130265EF-1877-4913-89BB-69EE9B607A69@xxxxxxxxxxxxxxxx
Make sure the remote client is aware of your CA hierarchy, mainly by
installing the root CA certificate on the client.
Depending on the client type and configuration, you may have more things
to check.
Please reply with details for more info.

Marc

"greg.drap" wrote:

Hi

I installed a CA on a local computer with ADAM and I can connect with
ldp to ADAM over SSL locally, but when I try to connect remotely it
doesn't work.
I can connect remotely over LDAP to ADAM so I believe it's a problem
with certificates.

I installed the CA certificate with certsrv.

Is there something I am missing?

Thanks for your help.

Greg
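
An added diagnostic, not part of the original thread: it completes a TLS handshake to the ADAM SSL port quoted above, records the reasons the client would reject the server certificate, and reports whether the top of the chain is present in the current-user and local-computer root stores. The script, its variable names and the accept-all callback are assumptions for illustration.

```powershell
# Added diagnostic sketch. Host and port are the ones quoted in the thread;
# all variable names are illustrative.
param([string]$Server = 'CG69-SERVER.rhone.fr', [int]$Port = 60000)

$script:seen = $null
# Accept every certificate so the handshake completes and the chain can be
# inspected. Diagnostic use only: a real client must not bypass validation.
$callback = [System.Net.Security.RemoteCertificateValidationCallback]{
    param($sender, $cert, $chain, $errors)
    # Top of the chain the client managed to build; when the issuing CA is
    # unknown on this machine this can be the server certificate itself.
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    $script:seen = @{
        Subject = $cert.Subject
        Errors  = $errors
        Status  = @($chain.ChainStatus | ForEach-Object { $_.Status })
        TopName = $top.Subject
        TopHash = $top.Thumbprint
    }
    return $true
}

$tcp = New-Object System.Net.Sockets.TcpClient
$ssl = $null
try {
    $tcp.Connect($Server, $Port)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
    $ssl.AuthenticateAsClient($Server)
} catch {
    # No certificate captured means the failure is before or inside the
    # handshake (port closed, or the server cannot use its private key).
    Write-Warning "Connection or handshake failed: $($_.Exception.Message)"
} finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}

if ($script:seen) {
    "Server certificate : $($script:seen.Subject)"
    # RemoteCertificateChainErrors = trust problem; RemoteCertificateNameMismatch
    # = the name used to connect is not a name in the certificate.
    "Policy errors      : $($script:seen.Errors)"
    "Chain status       : $($script:seen.Status -join ', ')"   # e.g. UntrustedRoot
    "Top of chain       : $($script:seen.TopName)"
    foreach ($store in 'Cert:\CurrentUser\Root', 'Cert:\LocalMachine\Root') {
        $hit = Get-ChildItem $store | Where-Object { $_.Thumbprint -eq $script:seen.TopHash }
        "{0,-23}: {1}" -f $store, $(if ($hit) { 'present' } else { 'not present' })
    }
}
```

Run it under the same account that runs ldp.exe, since the CurrentUser store is per user; when no certificate is captured at all, the Schannel events on the server are the next place to look.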




