B
bigstyle [MVP]
Guest
Hi,
I would like to use LDAPS on my DC.
I have already read this article:
http://support.microsoft.com/default.aspx/kb/321051 ...
but I am not able to create my self-signed certificate with certreq as
I don't have any CA in my domain to submit the "request.req" file to.
So I tried to create my own certificate with makecert by using this
command:

makecert -r -pe -n "CN=FQDN_OF_DC.domain.local" -b 01/01/2000 -e 01/01/2036 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localMachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12
The certificate is created in Personal\Certificates (under Computer),
but when I look at the certificate status, I get a warning saying:
"This CA Root certificate is not trusted because it is not in the
Trusted Root Certification Authorities store."
When I try to connect (locally) to my LDAPS using ldp.exe, I get the
error "Error <0x51>: Fail to connect to FQDN_OF_DC.domain.local."
Do you think I have this problem because the certificate
that I have created has not been issued by a trusted root CA?
Is there a way to bypass this limitation by creating a self-signed
certificate for my DC that will let me try to use LDAPS?
Thank you
P.S.: Sorry for my English ;-)
--
bigstyle
MVP Windows Server - Directory Services
MCSE 2000/2003 Security
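The procedure the post is attempting (self-signed certificate in the computer's Personal store, trust for it, and an LDAPS connection test), as an added PowerShell example that is not part of the original post. It replaces makecert with New-SelfSignedCertificate (the -Provider/-KeySpec/-TextExtension parameters assume Windows Server 2016 or later), assumes it is run elevated on the DC itself, and uses the post's FQDN_OF_DC.domain.local as a placeholder. The rootDSE renewServerCertificate write is the reload method described in KB321051; the bind test uses System.DirectoryServices.Protocols rather than ldp.exe.

```powershell
# Added example (not from the original post): self-signed LDAPS certificate
# for a DC, trust on the local machine, DC certificate reload, bind test.
# Assumptions: Windows Server 2016+, run elevated on the DC, placeholder FQDN.

$dcFqdn = 'FQDN_OF_DC.domain.local'   # assumption: replace with the real DC FQDN

# 1. Self-signed certificate in LocalMachine\My, matching the makecert flags
#    in the post: Server Authentication EKU (1.3.6.1.5.5.7.3.1), exchange key
#    in the legacy Schannel CSP, subject CN = DC FQDN. A SAN entry is added
#    because current clients match the host name against SAN, not CN.
$cert = New-SelfSignedCertificate `
    -Subject "CN=$dcFqdn" `
    -DnsName $dcFqdn `
    -CertStoreLocation 'Cert:\LocalMachine\My' `
    -KeyAlgorithm RSA -KeyLength 2048 `
    -KeySpec KeyExchange `
    -Provider 'Microsoft RSA SChannel Cryptographic Provider' `
    -TextExtension @('2.5.29.37={text}1.3.6.1.5.5.7.3.1') `
    -NotAfter (Get-Date).AddYears(5)

# 2. A self-signed certificate is its own root. Placing it in LocalMachine\Root
#    is what clears the "not in the Trusted Root Certification Authorities
#    store" status on this machine; every other client that must trust the DC
#    needs the exported .cer imported into its own Root store the same way.
$rootStore = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root', 'LocalMachine')
$rootStore.Open('ReadWrite')
$rootStore.Add($cert)
$rootStore.Close()
Export-Certificate -Cert $cert -FilePath "$env:TEMP\$dcFqdn-ldaps.cer" | Out-Null

# 3. Ask the DC to re-read its server certificate without a reboot by writing
#    the rootDSE operational attribute renewServerCertificate (KB321051).
$rootDse = [ADSI]"LDAP://$dcFqdn/RootDSE"
$rootDse.Put('renewServerCertificate', 1)
$rootDse.SetInfo()

# 4. Test: an SSL bind on 636. A certificate the client does not trust, or
#    whose name does not match $dcFqdn, fails here with an LdapException;
#    ErrorCode 81 is LDAP_SERVER_DOWN, the value ldp.exe prints as 0x51.
Add-Type -AssemblyName System.DirectoryServices.Protocols
$id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($dcFqdn, 636)
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
$conn.SessionOptions.SecureSocketLayer = $true
$conn.SessionOptions.ProtocolVersion   = 3
$conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
try {
    $conn.Bind()
    "LDAPS bind to $dcFqdn succeeded; server certificate thumbprint $($cert.Thumbprint)"
} catch [System.DirectoryServices.Protocols.LdapException] {
    "LDAPS bind failed: $($_.Exception.Message) (ErrorCode $($_.Exception.ErrorCode))"
} finally {
    $conn.Dispose()
}
```

Two points worth keeping in mind when using this: the DC picks the certificate itself from LocalMachine\My (it must carry the Server Authentication EKU and a name matching the DC, and its private key must be readable by the DC's machine context), while chain trust and name checking are done by each client, so the exported .cer has to go into the Trusted Root store of every machine that will use LDAPS, not just the DC. Because any self-signed certificate can be trusted this way, keep the private key non-exportable and limit this setup to lab use; a domain CA or an enterprise-issued certificate is the supported path for production.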