If you installed the CA on the PDC then did you install it as an Enterprise CA?
If this is a production environment you should really understand the PKI needs for your company currently, and any future plans.
In a nutshell you need a Domain Controller cert or Server Auth cert on the DC with the FQDN of the DC in the Subject field.
Your clients need to be able to resolve the FQDN and be able to reach the CDP locations you specified when setting up the CA (defaults are LDAP and HTTP paths to the CA itself).
Clients also need to have the Root CA cert in the Trusted Roots store so the cert chains up correctly.
 
good luck!
 
steve
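
The checklist in the message above, written out as a check a client-side admin could run (an added example, not part of the original thread). It assumes the third-party Python `cryptography` package; the function names, the root CA and the CRL URL are constructed for illustration, and `kaling.meta.test` is assumed to be the DC's FQDN from the host and domain names given later in the thread.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import ExtendedKeyUsageOID as EKU, ExtensionOID, NameOID

def make_cert(subject_cn, issuer_cn, signing_key, public_key, extensions=()):
    """Build a constructed sample certificate (test data, not real CA output)."""
    name = lambda cn: x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    now = datetime.datetime.now(datetime.timezone.utc)
    b = (x509.CertificateBuilder().subject_name(name(subject_cn)).issuer_name(name(issuer_cn))
         .public_key(public_key).serial_number(x509.random_serial_number())
         .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=30)))
    for ext in extensions:
        b = b.add_extension(ext, critical=False)
    return b.sign(signing_key, hashes.SHA256())

def signed_by(cert, root):  # issuer name matches and the root's RSA key verifies the signature
    try:
        root.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                 padding.PKCS1v15(), cert.signature_hash_algorithm)
        return cert.issuer == root.subject
    except Exception:
        return False

def check_dc_cert(cert, connect_name, trusted_roots):
    """Return the checklist items cert fails for a client that connects as connect_name."""
    failed = []
    cns = [a.value.lower() for a in cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)]
    if connect_name.lower() not in cns:
        failed.append("subject")  # name the client uses is not in the Subject
    ext = {e.oid: e.value for e in cert.extensions}
    if EKU.SERVER_AUTH not in ext.get(ExtensionOID.EXTENDED_KEY_USAGE, ()):
        failed.append("eku")      # no Server Authentication usage (absent EKU also fails)
    if ExtensionOID.CRL_DISTRIBUTION_POINTS not in ext:
        failed.append("cdp")      # presence only; reachability is tested from the client
    if not any(signed_by(cert, r) for r in trusted_roots):
        failed.append("root")     # issuing CA is not among the client's trusted roots
    return failed

def demo():  # constructed certificates; the host names are the ones given in the thread
    ca_key, dc_key = (rsa.generate_private_key(public_exponent=65537, key_size=2048) for _ in range(2))
    root = make_cert("Constructed Root CA", "Constructed Root CA", ca_key, ca_key.public_key())
    cdp = x509.CRLDistributionPoints([x509.DistributionPoint(
        [x509.UniformResourceIdentifier("http://kaling.meta.test/constructed.crl")], None, None, None)])
    dc = make_cert("kaling.meta.test", "Constructed Root CA", ca_key, dc_key.public_key(),
                   [x509.ExtendedKeyUsage([EKU.SERVER_AUTH]), cdp])
    cases = [("kaling.meta.test", [root]), ("kaling.persistent.co.in", [root]), ("kaling.meta.test", [])]
    return [check_dc_cert(dc, name, roots) for name, roots in cases]
```

`demo()` returns one list of failed items per case: the certificate passes when the client connects by the name in the Subject and trusts the root, and fails on "subject" or "root" when either condition is removed.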
 
 
----- Original Message -----
From: joe
Sent: Monday, February 28, 2005 5:58 AM
Subject: RE: [ActiveDir] Problem using Certificates to connect to AD machine

Slow down. This isn't the instant email AD support hotline. You sent the message when most of the people are offline that tend to respond to things. If you see it goes a couple of days without a response, then it is probably good to ping the list asking if anyone has seen it.
 
In the meanwhile, have you referred to the MS websites on certs? Read the white papers and related docs? You were unaware of the cert requirement for an LDAP update at all until I responded Saturday with a fairly well known KB article that you could have found through Google.
 
Unless you are doing this from a non-Windows machine, also consider alternative mechanisms for changing passwords that don't require the cert and SSL connection as well.
 
 joe
 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mayuresh Kshirsagar
Sent: Monday, February 28, 2005 8:34 AM
To: Siddharth Sawkar
Cc: activeDir@mail.activedir.org
Subject: Re: [ActiveDir] Problem using Certificates to connect to AD machine

any views?
 
----- Original Message -----
Sent: Monday, February 28, 2005 2:06 PM
Subject: Re: [ActiveDir] Problem using Certificates to connect to AD machine

Hi,
 
I tried to generate a certificate using the w2k CA, but somehow, I am not able to correctly generate one. The s/w (CP MDS server) is not able to connect to the server using this certificate.
 
The name of the PDC is "kaling" in the domain "meta.test". But this machine is accessible from outside (e.g. from my machine) as "kaling.persistent.co.in".
 
Anything I must take care of while generating the certificate?
 
Regards,
Mayuresh.
----- Original Message -----
Sent: Monday, February 28, 2005 1:51 PM
Subject: [ActiveDir] Problem using Certificates to connect to AD machine

Hi,
 
I have installed a CA on my PDC, and now I want to connect to this PDC from a different machine to change the "unicodePwd" attribute. I created a certificate and exported it and installed it on the connecting machine, but don't seem to be able to connect.
 
Can you tell me how I issue, and which certificate I should issue, to be able to connect to the PDC machine?
 
Thanks.
 
Mayuresh Kshirsagar
Persistent Systems Pvt. Ltd.,
402E, Bhageerath,
Senapati Bapat Road.
Pune - 16.
Phone: 020-25602983
