jekautz
asked on
LDAPS on Windows 2003
My goal here is to get my SonicWALL TZ270 to use LDAPS with my Windows 2003 DC. Right now I cannot even verify that LDAPS is working at all.
On my Windows 2003 server, in CMD, I can "TELNET LOCALHOST 636" and it seems to make a connection to that port, but when I use LDP and connect to LOCALHOST on port 636 it says "Can't open connection."
I have been all over Google Land today and have read plenty of sites, but nothing is catching. Several sites said that all you need to do is install CA and then bam! it works. But I installed CA and it isn't working.
I read on this link LDAPS that you need certain requirements for it to work. I ran the "Certutil -VerifyStore MY" command and my printed results do not match what this article is saying. For instance, my Subject is not "CN=servername.Contoso.local", it is "CN=servername, DC=Contoso, DC=Local". I'm not sure that it matters.
Also I do not have the Server Authentication OID: 1.3.6.1.5.5.7.3.1 and I don't know how to get it in there.
ASKER
I have tried the instructions at
http://support.microsoft.com/kb/321051
And it doesn't work. I copied the text in Step 1 and pasted it into Notepad. I changed the subject to "servername.Contoso.local" (and I also tried "CN=servername, DC=Contoso, DC=Local"), saved the file as request.inf and used certreq to turn it into a req file.
Next, I open CA and right-click on my server, all tasks, submit new request. When I pick that req file I get this error:
The request contains no certificate template information. 0x80094801 (-2146875391). Denied by policy module 0x80094801. The request does not contain a certificate template extension or the certificate template request attribute.
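The 0x80094801 error above means the enterprise CA found no certificate template in the request. Added here as an illustration (not the thread's accepted answer and not the text of KB 321051), assuming the CA has the default Web Server template published and that the DC's FQDN is servername.Contoso.local, this is a request.inf that carries both the Server Authentication EKU and the template attribute the CA asks for:

```ini
; request.inf - added example, not from the original thread
[Version]
Signature="$Windows NT$"

[NewRequest]
; Subject must be the DC's DNS name, not the AD-style DN of the computer object
Subject = "CN=servername.Contoso.local"
KeySpec = 1
KeyLength = 2048
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKey = False
UserProtected = False
UseExistingKeySet = False
; SChannel provider so the LDAP service can use the key for TLS
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
; digitalSignature + keyEncipherment
KeyUsage = 0xa0

[EnhancedKeyUsageExtension]
; Server Authentication - the OID the asker's current certificate lacks
OID = 1.3.6.1.5.5.7.3.1

[RequestAttributes]
; This section is what the error 0x80094801 is about: an enterprise CA refuses
; a request that names no template. "WebServer" is the internal name of the
; default Web Server template (assumed to be published on this CA).
CertificateTemplate = WebServer

; Typical run from an elevated CMD on the DC (commands, not INF keys):
;   certreq -new request.inf request.req
;   certreq -submit request.req cert.cer
;   certreq -accept cert.cer
; If the INF cannot be edited, the template can be supplied at submit time:
;   certreq -submit -attrib "CertificateTemplate:WebServer" request.req cert.cer
```

After certreq -accept, check with certutil -verifystore MY that the subject is the FQDN and the Enhanced Key Usage line lists Server Authentication, then retry ldp.exe on port 636. On Windows 2003 the LDAP service may not pick up the new certificate until the DC is restarted.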
ASKER
My post stalled and I did not receive the resolution from any of the posts by other members.
http://support.microsoft.com/kb/321051
To enable LDAPS on Windows Server 2003, refer to the links below:
http://social.technet.microsoft.com/wiki/contents/articles/2980.ldap-over-ssl-ldaps-certificate.aspx
https://www.watchguard.com/help/docs/ssl/3/en-US/index_Left.html#CSHID=en-US%2Fmanage_system%2Factive_directory_auth_w-ldap-ssl.html|StartTopic=Content%2Fen-US%2Fmanage_system%2Factive_directory_auth_w-ldap-ssl.html|SkinName=WG_SSL (en-US)
http://panerarichang.blogspot.in/2012/01/how-to-enable-ldap-over-ssl.html