----- Original Message -----
Sent: Monday, February 28, 2005 9:03
PM
Subject: Re: [ActiveDir] Problem using
Certificates to connect to AD machine
If you installed the CA on the PDC then did you
install it as an Enterprise CA?
If this is a production environment you should
really understand the PKI needs for your company currently,
and any future plans.
In a nutshell you need a Domain Controller
cert or Server Auth cert on the DC with the FQDN of the DC in the
Subject field.
Your clients need to be able to resolve
the FQDN and be able to reach the CDP locations you specified when setting
up the CA (defaults are LDAP and HTTP paths to the CA
itself)
Clients also need to have the Root CA cert
in the Trusted Roots store so the cert chains up
correctly.
good luck!
steve
----- Original Message -----
Sent: Monday, February 28, 2005 5:58
AM
Subject: RE: [ActiveDir] Problem
using Certificates to connect to AD machine
Slow down. This isn't the instant email AD support
hotline. You sent the message when most of the people are
offline that tend to respond to things. If you see it goes a couple
of days without a response, then it is probably good to ping the list
asking if anyone has seen it.
In the meanwhile, have you referred to the MS
websites on certs? Read the white papers and related docs? You were
unaware of the cert requirement for an LDAP update at all until I
responded Saturday with a fairly well known KB article that you could have
found through google.
Unless you are doing this from a non-windows machine,
also consider alternative mechanisms for changing passwords that don't
require the cert and ssl connection as well.
joe
any views?
----- Original Message -----
Sent: Monday, February 28, 2005
2:06 PM
Subject: Re: [ActiveDir] Problem
using Certificates to connect to AD machine
Hi,
I tried to generate a certificate using the
w2k CA, but smehow, I am not able to correctly generate one. The s/w (CP
MDS server) is not able to connect to the server using this
certificate.
The name of the PDC is "kaling" in the
domain "meta.test". But this machine is accessible from outside (eg.
from my machine) as "kaling.persistent.co.in".
Any thing I must take care while generating
the certificate?
Regards,
Mayuresh.
----- Original Message -----
Sent: Monday, February 28, 2005
1:51 PM
Subject: [ActiveDir] Problem
using Certificates to connect to AD machine
Hi,
I have installed a CA on my PDC. and now
I want to connect to this PDC from a different machine to change the
"unicodePwd" attribute. I created a certificate and exported it and
installed it on the connecting machine, but dont seem to be able to
connect.
Can you tell me how do I issue, and which
certificate should I issue to be able to connect to the PDC
machine?
Thanks.
Mayuresh Kshirsagar
Persistent Systems Pvt.
Ltd.,
402E, Bhageerath,
Senapati Bapat Road.
Pune -
16.
Phone:
020-25602983
________________________________________________________________________________
Persistent Systems is the Gold Sponsor of SOFTWARE 2005
April 26th-27th, Santa Clara,
CA
________________________________________________________________________________