A very important adjunct to step 4 is getting the
private key associated with the certificate into
the server.  If step 1 is done ON THE SERVER
COMPUTER and it is not reinitialized in the meantime
etc etc then in step 4 the association between the
certificate and key should be recognized.  However,
the diagnostic implies that this failed to happen.

Can you confirm that step 1 was done on exactly the
same computer that is the server in step 4?

ray v wrote:

Thanks for your input Rafeeq


Ok so maybe I should clarify the situation a bit more. I have the official openssl O'Reilly book so I didn't really need help using the openssl command line. I have an ongoing and viable CA and have been issuing certificates for authentication for some time now.

My question is mainly concerned with getting LDAPS
working on M$ NT2003 servers. Here are the steps I've
taken.

1. Using M$ cert manager create a certificate
request.
2. Get request to Linux/openssl for signing

I use the openssl extension process to include "Server
Authentication" according to the M$ document link
contained within this e-mail.

3. Sign certificate and openssl x509 -in msserv.cert
-noout -text -purpose to test certificate


4. Get new certificate over to M$ NT2003 and import
into the computer's personal certificate storage.

Also note that we have included our root certificate in
the trusted root storage area on the server.

Port 636 doesn't indeed appear to be listening however
all attempts to connect fail. NT logs show "can't find
private key for server certificate".

If anyone has successfully made NT 2003 work with
openssl certificates on LDAPS or has an idea why the
server can't find the private key I would be appreciative.

thanks group!





--- Rafeeq Ahmed <[EMAIL PROTECTED]> wrote:


Hi ray

check this
http://www.madboa.com/geek/openssl/

regards
Rafeeq

On Mon, 28 Feb 2005 10:35:27 -0800 (PST), ray v
<[EMAIL PROTECTED]> wrote:

I'm trying to get our domain controllers to make use
of certificates generated by our openssl based CA. Is
there documentation out there on how to make this work
correctly? Any pointers would be appreciated!

Requirements for making third-party certificates work
http://support.microsoft.com/default.aspx?scid=kb;en-us;291010



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]






-- "An Internet-connected Windows machine is tantamount to a toddler carrying a baggie of $100 bills down a city street..."

Charles B. (Ben) Cranston
mailto:[EMAIL PROTECTED]
http://www.wam.umd.edu/~zben
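
A check that can be run on the Linux/openssl side between steps 3 and 4 of the procedure quoted above: confirm that the signed certificate carries the same public key as the request that came from the server, and that the Server Authentication purpose is present. This is an added example, not part of the thread; the file names, subject names and throwaway CA are constructed stand-ins for the real request and CA.

```shell
#!/bin/sh
# Added example. File names, subjects and the throwaway CA are constructed.

# PEM public key carried by a request / by a certificate.
csr_pubkey()  { openssl req  -in "$1" -noout -pubkey 2>/dev/null; }
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# True only when the certificate carries the same public key as the request,
# i.e. it pairs with the private key held by the machine that made the request.
cert_matches_csr() {
    local a b
    a=$(csr_pubkey "$1") && b=$(cert_pubkey "$2") || return 2
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# True when Extended Key Usage lists Server Authentication
# (OID 1.3.6.1.5.5.7.3.1, which OpenSSL prints as the text matched below).
cert_has_server_auth() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -q 'TLS Web Server Authentication'
}

# Constructed fixture in directory $1: a CA, a request standing in for the one
# from the server, a request from a different key, and two signed certificates.
build_fixture() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=Example Test CA' \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    for n in server other; do
        openssl req -new -newkey rsa:2048 -nodes -subj '/CN=dc1.example.test' \
            -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
    done
    echo 'extendedKeyUsage = serverAuth' > "$d/ext.cnf"
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -extfile "$d/ext.cnf" -out "$d/server.crt" 2>/dev/null
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/noeku.crt" 2>/dev/null
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
build_fixture "$work"
cert_matches_csr "$work/server.csr" "$work/server.crt" && echo "server.crt matches server.csr"
cert_matches_csr "$work/other.csr"  "$work/server.crt" || echo "server.crt does not match other.csr"
cert_has_server_auth "$work/server.crt" && echo "server.crt: serverAuth present"
cert_has_server_auth "$work/noeku.crt"  || echo "noeku.crt: serverAuth missing"
```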
