Re: ADAM using SSL Problem



Hi

The cert requested for the service needs to be in the ADAM service Personal
store, not the ADAM service Trusted Root store, which may explain why you
are not seeing a private key.

Lee Flight


"Rod Clingaman" <Rod Clingaman@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:536CEE03-6F59-4B29-B8C2-9307C93BC37B@xxxxxxxxxxxxxxxx
On the ADAM server (Windows 2003), I add a snap-in and show the Certificates
for the current user and for the ADAM service account.

Next I browse to http://somehost/certsrv/
Clicked on "Download a CA certificate, certificate chain, or CRL"
Clicked on "Install this CA certificate chain."
I then see the certificate in the snap-in at: Certificates - Current User \
Trusted Root Certification Authorities \ Certificates.
I copied that certificate and pasted it in Certificates - Service
(ADAM1) \ Trusted Root Certification Authorities \ Certificates.

Next I browse to http://somehost/certsrv/
Clicked on "Request a certificate", then "advanced certificate request",
then "Create and submit a request to this CA". I make the following
modifications to the default values:

Name: the FQDN of the ADAM server
Friendly Name: the FQDN of the ADAM server
Type of certificate: Server Authentication Certificate
Create new key set
CSP: Microsoft RSA SChannel Cryptographic provider
Mark keys as exportable
Request format: PKCS10

Then I submit the request and install the certificate.

I then see the certificate in the snap-in at: Certificates - Current User \
Personal \ Certificates.
Then I right-click the certificate and choose All Tasks - Export.
Yes, export the private key; don't enter a password.
Store it on the Desktop/mycert.prx
Next I import it into Certificates - Service (ADAM1) \ Trusted Root
Certification Authorities \ Certificates.

Then I restart the ADAM service and launch LDP (on the ADAM server) and use
the FQDN, the SSL port, and check the SSL box. I get the following error:

ld = ldap_sslinit("FICTIONWDA001.FIC.DEV", 50053, 1)
Error 0 = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION, 3)
Error 81 = ldap_connect(hLdap, NULL)
Server error: empty
Error 0x51: Fail to connect to FICTIONWDA001.FIC.DEV.

I noticed that the RSA\MachineKeys directory that gets mentioned in a lot
of articles never gets a new file when I install the certificates. There are
6 old files in there with long hash names.

The server also acts as a domain controller.

Any advice is greatly appreciated!
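A client-side probe that separates the cases behind LDP's error 81 (TCP port open but no TLS handshake, chain not trusted, name on the cert not matching the FQDN dialled), added here as an example and not code from either post. It reuses the FQDN and port from the LDP output above; the CA file path is a placeholder for the CA certificate downloaded from certsrv, exported as Base-64 (PEM).

```python
import socket
import ssl
from typing import Optional, Tuple

def names_in_cert(cert: dict) -> set:
    """DNS names a getpeercert() dict asserts: SAN DNS entries plus the subject CN."""
    names = {value for (kind, value) in cert.get("subjectAltName", ()) if kind == "DNS"}
    for rdn in cert.get("subject", ()):           # subject is a tuple of RDNs, each a tuple of pairs
        for key, value in rdn:
            if key == "commonName":
                names.add(value)
    return {n.lower() for n in names}

def hostname_matches(cert: dict, fqdn: str) -> bool:
    """True if the cert covers the name the client dials (exact, or a single-label wildcard)."""
    target = fqdn.lower().rstrip(".")
    for name in names_in_cert(cert):
        if name == target:
            return True
        if name.startswith("*.") and name.count(".") == target.count(".") and target.endswith(name[1:]):
            return True
    return False

def probe_ldaps(host: str, port: int, ca_pem: Optional[str] = None, timeout: float = 5.0) -> Tuple[str, object]:
    """Classify an LDAPS endpoint as tcp_closed, tls_failed, untrusted, name_mismatch or ok."""
    ctx = ssl.create_default_context(cafile=ca_pem)   # CA from certsrv, or the system trust store
    ctx.check_hostname = False                        # we report a name mismatch instead of aborting
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "tcp_closed", str(exc)                 # service not listening on the SSL port at all
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        return "untrusted", str(exc)                  # server sent a cert, but it does not chain to ca_pem
    except (ssl.SSLError, OSError) as exc:
        return "tls_failed", str(exc)                 # port open, handshake dies: typical of no usable cert/key in the service MY store
    if not hostname_matches(cert, host):
        return "name_mismatch", sorted(names_in_cert(cert))
    return "ok", cert.get("notAfter")

if __name__ == "__main__":
    # FQDN and port taken from the LDP output in the post; CA path is a placeholder.
    print(probe_ldaps("FICTIONWDA001.FIC.DEV", 50053, ca_pem="C:/certs/ca.cer"))
```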




