Re: ADAM with SSL

Thanks again for your persistence. :)

The cert is in both the local machine personal store and trust roots store,
so I think I'm covered there.

Unfortunately, I have 174 files (!) in my machinekeys directory, so I'm not
quite sure what they all are. I am certain that I've ACLed the correct
file, as I used a tool to verify which private key file corresponded to the
cert in question.

I've messed around with Regmon/Filemon looking for various access denied
errors and haven't seen anything that points to the problem.

I think I might just try to back the whole thing out and start over. I'm
afraid that something is in a foul state somewhere and I'm not going to be
able to fix it. I just wish there was some way to get some additional debug
spew from CryptoAPI that would help pinpoint why it is complaining about
this problem. I'd like to be able to find the root cause instead of giving
up. I'm also nervous about blowing another afternoon staring at it. I've
got some other stuff to do. :)

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Lee Flight" <lef@xxxxxxxxxxxxxxx> wrote in message
news:%23WsOyEzXHHA.3520@xxxxxxxxxxxxxxxxxxxxxxx

I just tried a repro using selfssl.exe. I ran it on a W2K3 IIS server,
setting the canonical name to be the FQDN of my target WinXP box (and /v:365),
exported the cert + private key and imported into the WinXP Computer store
(rather than the ADAM Instance store, to try and hit your problem) and set
permissions on the key file.

LDAP/SSL connect failed with "No suitable default server credential exists
on this system....". I then added a copy of the cert to Trusted Root
Certification Authorities for Computer account (copy/paste in the Certificates
MMC). When I restarted the ADAM service the LDAP/SSL connect worked; so I
don't have a problem, but that does not help you :(.

Do you have any other keys in the MachineKeys folder that might be
throwing this out?

Lee Flight
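Both posts come down to the same check: which file under MachineKeys holds the private key for the server certificate, and who can read it. The script below is an added example, not code from either poster; it assumes the key was created by a legacy CryptoAPI CSP (the case this thread is about), so that the .NET `CspKeyContainerInfo.UniqueKeyContainerName` is the file name under `Microsoft\Crypto\RSA\MachineKeys`, and it takes the certificate's thumbprint as a parameter.

```powershell
# Added example (not from the thread): map a LocalMachine\My certificate to its
# CryptoAPI private-key file under MachineKeys and print that file's ACL, so the
# account the ADAM service runs as can be confirmed to have read access.
# Assumption: the key is an RSA key held by a legacy CSP (CAPI), not a CNG key.
param(
    [Parameter(Mandatory = $true)]
    [string]$Thumbprint   # thumbprint of the server cert (from certutil or the MMC)
)

$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) { throw "No certificate with thumbprint $Thumbprint in LocalMachine\My" }
if (-not $cert.HasPrivateKey) { throw "Certificate has no associated private key" }

# For CSP-backed keys, PrivateKey is an RSACryptoServiceProvider whose
# CspKeyContainerInfo names the key container; the unique name is the on-disk file.
$csp = $cert.PrivateKey
if (-not $csp) { throw "Private key not reachable through CAPI (possibly a CNG key)" }
$info = $csp.CspKeyContainerInfo
if (-not $info.MachineKeyStore) {
    Write-Warning "Key lives in a user key store, not the machine MachineKeys folder"
}

# CommonApplicationData resolves correctly on both XP/2003 and later Windows.
$machineKeys = Join-Path ([Environment]::GetFolderPath('CommonApplicationData')) `
                         'Microsoft\Crypto\RSA\MachineKeys'
$keyFile = Join-Path $machineKeys $info.UniqueKeyContainerName

Write-Host "Certificate : $($cert.Subject)"
Write-Host "Key file    : $keyFile"
if (-not (Test-Path -Path $keyFile)) { throw "Key file not found on disk" }

# Show every ACE on the key file; the service account needs at least Read.
(Get-Acl -Path $keyFile).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType |
    Format-Table -AutoSize
```

Run it elevated, since MachineKeys files are normally readable only by SYSTEM and Administrators plus whatever ACEs were added by hand.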

