A very important adjunct to step 4 is getting the
private key associated with the certificate into
the server. If step 1 is done ON THE SERVER
COMPUTER and it is not reinitialized in the meantime
etc etc then in step 4 the association between the
certificate and key should be recognized. However,
the diagnostic implies that this failed to happen.
Can you confirm that step 1 was done on exactly the
same computer that is the server in step 4?
ray v wrote:
Thanks for your input Rafeeq
Ok so maybe I should clarify the situation a bit
more. I have the official openssl O'Reilly book so I
didn't really need help using the openssl command
line. I have an ongoing and viable CA and have been
issuing certificates for authentication for some time
now.
My question is mainly concerned with getting LDAPS
working on M$ NT2003 servers. Here are the steps I've
taken.
1. Using M$ cert manager create a certificate
request.
2. Get request to Linux/openssl for signing
I use the openssl extension process to include "Server
Authentication" according to the M$ document link
contained within this e-mail.
3. Sign certificate and
openssl x509 -in msserv.cert -noout -text -purpose
to test certificate
4. Get new certificate over to M$ NT2003 and import
into the computer's personal certificate storage.
Also note that we have included our root certificate in
the trusted root storage area on the server.
Port 636 doesn't indeed appear to be listening however
all attempts to connect fail. NT logs show "can't find
private key for server certificate".
If anyone has successfully made NT 2003 work with
openssl certificates on LDAPS or has an idea why the
server can't find the private key I would be appreciative.
thanks group!
--- Rafeeq Ahmed <[EMAIL PROTECTED]> wrote:
Hi ray
check this
http://www.madboa.com/geek/openssl/
regards
Rafeeq
On Mon, 28 Feb 2005 10:35:27 -0800 (PST), ray v
<[EMAIL PROTECTED]> wrote:
I'm trying to get our domain controllers to make use
of certificates generated by our openssl based CA. Is
there documentation out there on how to make this work
correctly? Any pointers would be appreciated!
Requirements for making third-party certificates work
http://support.microsoft.com/default.aspx?scid=kb;en-us;291010
______________________________________________________________________
OpenSSL Project
http://www.openssl.org
User Support Mailing List
openssl-users@openssl.org
Automated List Manager
[EMAIL PROTECTED]
--
"An Internet-connected Windows machine is tantamount to
a toddler carrying a baggie of $100 bills down a city street..."
Charles B. (Ben) Cranston
mailto:[EMAIL PROTECTED]
http://www.wam.umd.edu/~zben
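
Added example, not part of the original thread and not any poster's code: before importing in step 4, the CA side can confirm that the signed certificate carries the same public key as the request from step 1 (the private key for that request exists only on the machine that generated it) and that the "Server Authentication" usage is present. The CA, the requests and all file names except msserv.cert are constructed here with openssl as stand-ins; in the thread the request comes from the Windows certificate manager.

```shell
#!/usr/bin/env bash
# Added illustration: throwaway CA and requests, all constructed locally.
set -eu

# Public key (PEM) carried by a request ("req") or a certificate ("x509").
pubkey_of() { openssl "$1" -in "$2" -noout -pubkey; }

# True only if the certificate carries the same public key as the request,
# i.e. the private key kept by the requesting machine belongs to this cert.
cert_matches_request() {  # $1 = request file, $2 = certificate file
    [ "$(pubkey_of req "$1")" = "$(pubkey_of x509 "$2")" ]
}

# True if the certificate lists the Server Authentication extended key usage.
has_server_auth() {  # $1 = certificate file
    openssl x509 -in "$1" -noout -text | grep -q 'TLS Web Server Authentication'
}

# Build a constructed test PKI in directory $1 (hypothetical helper).
build_demo() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=Demo CA' \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    # server.req stands in for the step 1 request; other.req is unrelated.
    for name in server other; do
        openssl req -new -newkey rsa:2048 -nodes -subj '/CN=dc1.example.test' \
            -keyout "$d/$name.key" -out "$d/$name.req" 2>/dev/null
    done
    # Step 2: extension file carrying the "Server Authentication" usage.
    printf 'extendedKeyUsage = serverAuth\n' > "$d/ext.cnf"
    # Step 3: sign the request with the CA.
    openssl x509 -req -in "$d/server.req" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -extfile "$d/ext.cnf" -days 1 \
        -out "$d/msserv.cert" 2>/dev/null
}

demo_dir=$(mktemp -d)
build_demo "$demo_dir"
for r in server other; do
    if cert_matches_request "$demo_dir/$r.req" "$demo_dir/msserv.cert"; then
        echo "$r.req: certificate matches this request"
    else
        echo "$r.req: certificate does NOT match this request"
    fi
done
has_server_auth "$demo_dir/msserv.cert" && echo "EKU: Server Authentication present"
```

A match only shows that the certificate belongs to that request; whether the server still holds the corresponding private key has to be checked on the server itself.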