Configure LDAPS

Experts,

I'm trying to configure secure LDAP for authentication for cloud services using port 636.  I am trying to issue the certificate on a 2003 Server that is the DC and is running certificate services.  I came across this article: http://support.microsoft.com/default.aspx?scid=kb;EN-US;321051, which I have tried to complete.  I get an error when trying to accept the certificate.  It says: Certificate Request Processor: Cannot find object or property. 0x80092004.  I have also attached the .inf file used to generate the cert request.  Any advice or direction is much appreciated.  Not sure where I goofed.  Thanks
Attachment: request.txt
admintj06 asked:
admintj06 (Author) commented [accepted solution]:
Thanks for all of the comments and suggestions.  I believe I was doing everything correctly.  I also had a certificate for the domain controller already issued and after digging further, found the ACLs on the private keys were completely empty.  After resetting those, everything worked properly.
0
 
Jian An Lim (Solutions Architect) commented:
It is a certificate-related question ...

Did you submit the request to a CA?
Which CA did you use? Internal or external?
If an internal CA, do you own it?

The Certnew.cer is the OUTPUT from the CA...
0
 
admintj06 (Author) commented:
Yes, it is a certificate issue.  The request was issued to an internal CA (as noted initially).  The internal CA is a Windows 2003 server running Certificate Services.
0
 
btan (Exec Consultant) commented:
The server must have a certificate stored in the local machine store that meets the following criteria:

The certificate contains the Server Authentication OID: 1.3.6.1.5.5.7.3.1.
The Subject name or the first name in the SAN must match the FQDN of the host machine.
The certificate passes the chaining validation test.
The host machine account has access to the private key.

Troubleshooting LDAP Over SSL
http://blogs.technet.com/b/askds/archive/2008/03/13/troubleshooting-ldap-over-ssl.aspx

There is also a mention of the Primary DNS suffix.
http://social.technet.microsoft.com/Forums/en-US/configmgribcm/thread/e09a36ca-6b60-4b54-9607-42c60efe590b

Also I suggest you run through these useful articles:

Overall - LDAP over SSL (LDAPS) Certificate
http://social.technet.microsoft.com/wiki/contents/articles/2980.ldap-over-ssl-ldaps-certificate.aspx

Request a computer certificate for server authentication (step by step)
http://technet.microsoft.com/en-us/library/cc740173%28WS.10%29.aspx
0
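The four criteria above can be audited in one pass from the DC's machine store; the script below is an added example (not code from this thread or from Microsoft) that also dumps the private-key ACL, which the accepted answer found empty. It assumes PowerShell 3 or later with the PKI module (Test-Certificate) and an RSA/CSP key stored under MachineKeys; the $Fqdn parameter and $keyDir path are assumptions you may need to adjust.

```powershell
# Added example: check every LocalMachine\My certificate against the LDAPS criteria.
param([string]$Fqdn = [System.Net.Dns]::GetHostByName($env:COMPUTERNAME).HostName)

$serverAuthOid = '1.3.6.1.5.5.7.3.1'
# Assumed location of CSP (non-CNG) machine key containers.
$keyDir = Join-Path $env:ProgramData 'Microsoft\Crypto\RSA\MachineKeys'

foreach ($cert in Get-ChildItem Cert:\LocalMachine\My) {
    # 1. Server Authentication EKU present
    $hasEku = @($cert.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId }) -contains $serverAuthOid

    # 2. Subject CN or first SAN DNS name equals the host FQDN (simple CN split; escaped commas not handled)
    $cn = ($cert.Subject -split ',\s*' | Where-Object { $_ -like 'CN=*' } | Select-Object -First 1) -replace '^CN=', ''
    $firstSan = $cert.DnsNameList | Select-Object -First 1 -ExpandProperty Unicode
    $nameOk = ($cn -eq $Fqdn) -or ($firstSan -eq $Fqdn)

    # 3. Chain builds to a trusted root for the server-auth purpose
    $chainOk = [bool](Test-Certificate -Cert $cert -EKU $serverAuthOid -ErrorAction SilentlyContinue)

    # 4. Machine account (SYSTEM) can read the private key: inspect the key container file ACL
    $aclOk = $false; $aclText = '(no private key or CNG key)'
    try {
        if ($cert.HasPrivateKey -and $cert.PrivateKey) {
            $keyFile = Join-Path $keyDir $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
            if (Test-Path $keyFile) {
                $acl = Get-Acl $keyFile
                if (-not $acl.Access) {
                    $aclText = '(EMPTY ACL - repair with certutil -repairstore my <serial>)'
                } else {
                    $aclText = ($acl.Access | ForEach-Object { "$($_.IdentityReference):$($_.FileSystemRights)" }) -join '; '
                    $aclOk = [bool]($acl.Access | Where-Object {
                        $_.IdentityReference -match 'SYSTEM' -and $_.AccessControlType -eq 'Allow' })
                }
            }
        }
    } catch { $aclText = "(could not read key container: $($_.Exception.Message))" }

    [pscustomobject]@{
        Thumbprint  = $cert.Thumbprint
        Subject     = $cert.Subject
        NotAfter    = $cert.NotAfter
        ServerAuth  = $hasEku
        NameMatches = $nameOk
        ChainValid  = $chainOk
        KeyAclOk    = $aclOk
        KeyAcl      = $aclText
        LdapsReady  = ($hasEku -and $nameOk -and $chainOk -and $aclOk)
    }
}
```

Run it in an elevated PowerShell on the DC; any certificate with LdapsReady = True is one Schannel can pick up for port 636, and a row showing an empty ACL points at the private-key permission problem the author hit.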
 
Paranormastic (Cryptographic Engineer) commented:
The .inf looks OK, although you don't really need the last couple lines for the enhanced key usage extension & the OID - that should be provided by your certificate template & providing it in the request can sometimes be problematic.

When running certreq -accept filename.cer make sure you are running from an elevated admin cmd box.

Instead of using the certreq -accept method you can also try doing this (also from an elevated admin cmd box):
certutil -addstore my filename.cer
certutil -dump filename.cer | findstr /i /c:"serial"
(copy the serial number value)
certutil -repairstore my PASTE_SERIAL_NUMBER

Also make sure your CA certs are trusted:
certutil -addstore root root.cer
certutil -addstore ca non-root-ca.cer

If there are still problems, do a general sanity check - check the validity period & name on the certificate.  Also check the same on the box you are installing to. Remember to check the month & year as well when checking the time.  Check that the name specified in the CN value is valid for this box, including the DNS suffix.

If still giving you problems, check your event logs too and post back.
0
 
btan (Exec Consultant) commented:
Thanks for sharing. Hope we have helped much.
0
 
admintj06 (Author) commented:
Resolved problem.
0