Re: ADAM with SSL
- From: MichaelB <MichaelB@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 12 Mar 2007 04:33:00 -0700
I finally got mine working. I noticed that everything is in the request. The
more details you put in there, the better chance of getting a valid cert.
Most importantly, you need to add the line "Exportable = TRUE". This is the
key entry. With this entered, it will be able to export the cert and validate
it once onto your system.
Give it a try and let me know.
Thanks to everyone.
Michael
"Joe Kaplan" wrote:
Thanks again for your persistence. :).
The cert is in both the local machine personal store and trust roots store,
so I think I'm covered there.
Unfortunately, I have 174 files (!) in my machinekeys directory, so I'm not
quite sure what they all are. I am certain that I've ACLed the correct
file, as I used a tool to verify which private key file corresponded to
the cert in question.
I've messed around with Regmon/Filemon looking for various access denied
errors and haven't seen anything that points to the problem.
I think I might just try to back the whole thing out and start over. I'm
afraid that something is in a foul state somewhere and I'm not going to be
able to fix it. I just wish there was some way to get some additional debug
spew from CryptoAPI that would help pinpoint why it is complaining about
this problem. I'd like to be able to find the root cause instead of giving
up. I'm also nervous about blowing another afternoon staring at it. I've
got some other stuff to do. :)
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Lee Flight" <lef@xxxxxxxxxxxxxxx> wrote in message
news:%23WsOyEzXHHA.3520@xxxxxxxxxxxxxxxxxxxxxxx
I just tried a repro using selfssl.exe, I ran it on a W2K3 IIS server,
setting the canonical name to be the FQDN of my target WinXP box (and
/v:365), exported the cert + private key and imported into the WinXP
Computer store (rather than ADAM Instance store to try and hit your
problem) and set permissions on the key file.
LDAP/SSL connect failed with "No suitable default server credential exists
on this system....", I then added a copy of the cert to Trusted Root
Certification Authorities for Computer account (copy/paste in certificates
MMC). When I restarted the ADAM service the LDAP/SSL connect worked; so I
don't have a problem but that does not help you :(.
Do you have any other keys in the MachineKeys folder that might be
throwing this out?
Lee Flight
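
The checks discussed in this thread (which MachineKeys file belongs to the certificate, whether the service account can read it, whether the key is exportable, and whether a self-signed cert is also in Trusted Root) can be scripted. The following is an added example, not code from any of the posters; the thumbprint parameter is a placeholder, and the NETWORK SERVICE service identity and a CSP-backed (non-CNG) RSA key are assumptions.

```powershell
# Added example, not from the thread. Run elevated in Windows PowerShell 3.0+.
# Assumes a CSP-backed RSA key; a CNG key has no CspKeyContainerInfo.
param(
    [Parameter(Mandatory = $true)][string]$Thumbprint,        # placeholder: cert to check
    [string]$ServiceAccount = 'NT AUTHORITY\NETWORK SERVICE'  # assumption: ADAM service identity
)

$want = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $want }
if (-not $cert) { throw "Thumbprint $want not found in LocalMachine\My" }
if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key on this machine' }

# Is the same certificate also in Trusted Root (needed for a self-signed cert)?
$inRoot = [bool](Get-ChildItem Cert:\LocalMachine\Root | Where-Object { $_.Thumbprint -eq $want })

# Map the certificate to its key file under MachineKeys.
$info = $cert.PrivateKey.CspKeyContainerInfo
if (-not $info) { throw 'Not a CSP key; this check does not apply' }
$dirs = @(
    "$env:ALLUSERSPROFILE\Microsoft\Crypto\RSA\MachineKeys",                  # Vista and later
    "$env:ALLUSERSPROFILE\Application Data\Microsoft\Crypto\RSA\MachineKeys"  # XP / Server 2003
)
$keyFile = $dirs | ForEach-Object { Join-Path $_ $info.UniqueKeyContainerName } |
    Where-Object { Test-Path $_ } | Select-Object -First 1
if (-not $keyFile) { throw "Key file $($info.UniqueKeyContainerName) not found under MachineKeys" }

# Look for an explicit Allow ACE granting the service account read access.
# Access granted only through group membership is not evaluated here.
$read = [System.Security.AccessControl.FileSystemRights]::Read
$aces = (Get-Acl -Path $keyFile).Access | Where-Object {
    $_.IdentityReference.Value -eq $ServiceAccount -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.FileSystemRights -band $read) -eq $read
}

[pscustomobject]@{
    Subject        = $cert.Subject
    NotAfter       = $cert.NotAfter
    MachineKeySet  = $info.MachineKeyStore
    Exportable     = $info.Exportable
    KeyFile        = $keyFile
    InTrustedRoot  = $inRoot
    ServiceCanRead = [bool]$aces
}
```

A `ServiceCanRead` of `False` with a populated `KeyFile` points at the ACL; a missing key file or `MachineKeySet` of `False` points at how the key was imported.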