Posted by bigstyle [MVP] on December 12, 2007, 6:03 am
Finally it works!
I have deleted all the certs, then I created them by using the
command quoted below.
After a reboot of the DC, LDAP over 636 is working fine!
Thank you
> Hi,
>
> I would like to use LDAPS on my DC.
> I have already read this article:
>
> but I am not able to create my self-signed certificate with certreq as I don't
> have any CA in my domain to submit the "request.req" file.
>
> So I tried to create my own certificate with makecert by using this command:
> "makecert -r -pe -n "CN=FQDN_OF_DC.domain.local" -b 01/01/2000 -e 01/01/2036
> -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localMachine -sky exchange -sp "Microsoft
> RSA SChannel Cryptographic Provider" -sy 12"
>
> The certificate is created in Personal\Certificates (under Computer) but when
> I look at the certificate status, I have a warning saying: "This CA Root
> certificate is not trusted because it is not in the Trusted Root
> Certification Authorities store.".
>
> When I try to connect (locally) to my LDAPS using ldp.exe, I have an error
> "Error <0x51>: Fail to connect to FQDN_OF_DC.domain.local."
>
> Do you think I have this problem because the certificate that I
> have created has not been delivered by a Trusted root CA store?
>
> Is there a way to bypass this limitation by creating a self-signed
> certificate for my DC that will let me try to use LDAPS?
>
> Thank you :)
>
> P.S.: Sorry for my English ;-)
--
bigstyle
MVP Windows Server - Directory Services
MCSE 2000/2003 Security
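
A check related to the trust warning and the makecert options quoted in the thread, added here as an example and not part of the original posts: it reports, for each certificate in the Local Computer Personal store, whether the name matches the DC, whether the Server Authentication EKU and a private key are present, and whether the chain ends in a trusted root. `Test-LdapsCertificate` is a hypothetical helper name and `FQDN_OF_DC.domain.local` is the placeholder from the post.

```powershell
# Added example, not from the original thread.
# Assumption: placeholder FQDN as used in the post; replace with the DC's real name.
$DcFqdn = 'FQDN_OF_DC.domain.local'

function Test-LdapsCertificate {   # hypothetical helper name
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [Parameter(Mandatory)][string]$Fqdn,
        [string]$EkuOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication, the -eku value in the post
    )
    $x509 = 'System.Security.Cryptography.X509Certificates'

    # Enhanced Key Usage extension (OID 2.5.29.37) must list Server Authentication.
    $eku = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
    $hasServerAuth = $false
    if ($eku) {
        $hasServerAuth = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains $EkuOid
    }

    # Compare the FQDN with the subject CN and the DNS name .NET reports for the
    # certificate (only the first DNS entry of a SAN is examined here).
    $names = @(
        $Cert.GetNameInfo([Enum]::Parse([type]"$x509.X509NameType", 'SimpleName'), $false),
        $Cert.GetNameInfo([Enum]::Parse([type]"$x509.X509NameType", 'DnsName'), $false)
    )

    # Build the chain in machine context; a self-signed certificate that is not in
    # Trusted Root Certification Authorities yields the status UntrustedRoot.
    $chain = New-Object "$x509.X509Chain" -ArgumentList $true
    $chain.ChainPolicy.RevocationMode = [Enum]::Parse([type]"$x509.X509RevocationMode", 'NoCheck')
    $trusted = $chain.Build($Cert)
    $status  = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','

    $now = Get-Date
    [pscustomobject]@{
        Thumbprint    = $Cert.Thumbprint
        Subject       = $Cert.Subject
        NameMatches   = ($names -contains $Fqdn)   # -contains is case-insensitive
        ServerAuthEku = $hasServerAuth
        HasPrivateKey = $Cert.HasPrivateKey
        InValidity    = ($now -ge $Cert.NotBefore -and $now -le $Cert.NotAfter)
        ChainTrusted  = $trusted
        ChainStatus   = $status
    }
}

Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-LdapsCertificate -Cert $_ -Fqdn $DcFqdn } | Format-List
```

Run it in an elevated PowerShell session on the DC; more than one row with `ServerAuthEku` and `HasPrivateKey` both true means several candidate certificates sit in the store at once.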