Re: Automating Installation of Certificates for ADAM



I'm not sure what the right way to do this programmatically would be. There
is probably a way to do it, although I'm not sure there is an easy way to do
it via scripting.

Normally, this is a good place to ask ADAM questions, but given that your
question seems to be more about crypto/certs stuff than ADAM itself, you
might want to ask the question in one of the primary crypto newsgroups
instead (ms.public.platformsdk.security or ms.public.security.crypto). When
you restate the question, just explain that ADAM prefers to have the cert
installed in the service account store instead of personal or local machine
and they should be able to follow from there.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Jeffrey Harris" <1Jeffrey1.1Harris1@xxxxxxxxxxxxxxxx> wrote in message
news:7F8C77E9-8187-4E2C-B911-FB6B6A48E215@xxxxxxxxxxxxxxxx
I have been searching for a way to automate the installation of certificates
for ADAM. If this is not the correct forum for this question, please let me
know where to cross-post my question.

We use a dedicated domain service account for ADAM. So far, I have been
able to create a certificate request and install the certificate into the
Local Computer Store using certreq, and export a pfx file using a VBScript
supplied with the Capicom SDK.

However, my stumbling point has been a way to import a pfx file into a
service account. Everything I have found (including PowerShell) references
either the LM or CU stores (from looking at the registry, the Service Account
certificate information is referenced under LM, but in a different branch).
Supposedly, there is a way to open a custom store name, but none of my
attempts to blindly write the syntax work.

Is there a way to reference a service account's certificate store using
VBScript, or an existing command-line tool? So far, only the Certificate
Snap-in for the MMC works, but that is a GUI-based method.

Thanks.
--
Jeffrey Harris, MCSE W2K.
Please remove the '1's from the e-mail address before sending.

