Message from discussion ADAM with ssl
Newsgroups: microsoft.public.windows.server.active_directory
From: "Lee Flight" <l...@le.ac.uk-nospam>
Date: Mon, 4 Oct 2004 18:07:17 +0100
Local: Mon 4 Oct 2004 18:07
Subject: Re: ADAM with ssl
Here are some notes that might help, if not post back
what problem you are having.

Using a certificate with an ADAM instance

(1) on the ADAM server look in:

c:\documents and settings\All Users\ApplicationData\Microsoft\Crypto\RSA\MachineKeys

and note what keys are there

(2) on the ADAM server request and install a server certificate
 for use by ADAM in the Computer Personal certificate store or
 the ADAM Instance personal certificate store (preferred)
 Use the MMC Certificates snap-in to install the certificate.

 The cert needs to be issued to the FQDN of the machine, and it
 should be issued for Server Authentication.

(3) on the ADAM server look in:

c:\documents and settings\All Users\ApplicationData\Microsoft\Crypto\RSA\MachineKeys

and see what new key is there as a result of (2) and grant READ
permission on that key for the ADAM service account.

NOTE you need to set the permission on the key, the keys
in that folder do not inherit permissions

(4) install or restart an ADAM instance on the server

(5) On the ADAM server, run ldp.exe and Connect.

In the server field: put the name of the ADAM server as it appears
in the Issued To column of the Certificate MMC when you added the
certificate

In the Port Box put the port number for the ADAM instance
SSL and check the SSL box.

You should see an ldap_sslinit connection initiate and
hopefully connect.

When you attempt to connect from a client other than
the ADAM server itself (localhost) the client should
specify the FQDN of the server that the server was
issued to and the client must trust the Certificate
Authority that issued the certificate.

If the connection fails check the event log for the ADAM instance,
the presence of Event Id: 1220

Description:
LDAP over Secure Sockets Layer (SSL) will be unavailable
at this time because the server was unable to obtain a certificate.

Indicates that the ADAM instance has not found a usable
certificate; this is often due to permissions not being set [see
step (3) above]

Lee Flight

"himanshu Khona" <himanshukh...@hotmail.com> wrote in message

news:2d2501c4aa31$8a5a0010$a301280a@phx.gbl...
> Anybody have any ideas how to configure ADAM with SSL?
> I found a small note in FAQ but that didn't help much.
> Himanshu
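
Steps (1) and (3) and the Event Id 1220 check from the notes above, written as a PowerShell script. This is an added example, not part of the original post; the service account, the event log name and the snapshot file location are assumptions to replace with the values for your ADAM instance.

```powershell
# Added example. Run elevated on the ADAM server:
#   -Step Snapshot   before installing the certificate (step 1)
#   -Step Grant      after installing it (step 3)
#   -Step CheckLog   after restarting the instance (step 4)
param(
    [Parameter(Mandatory)][ValidateSet('Snapshot', 'Grant', 'CheckLog')]
    [string]$Step,
    [string]$ServiceAccount = 'NT AUTHORITY\NETWORK SERVICE',   # assumption
    [string]$LogName        = 'ADAM (instance1)',               # assumption
    [string]$SnapshotFile   = "$env:TEMP\machinekeys-before.txt" # assumption
)

# Resolves the All Users application data folder on the running OS.
$appData     = [Environment]::GetFolderPath('CommonApplicationData')
$machineKeys = Join-Path $appData 'Microsoft\Crypto\RSA\MachineKeys'

switch ($Step) {
    'Snapshot' {
        # Step (1): record which key files exist before the request.
        Get-ChildItem -LiteralPath $machineKeys -File |
            Select-Object -ExpandProperty Name |
            Set-Content -LiteralPath $SnapshotFile
    }
    'Grant' {
        # Step (3): the new key is whatever was not in the snapshot.
        $before = @(Get-Content -LiteralPath $SnapshotFile)
        $new = @(Get-ChildItem -LiteralPath $machineKeys -File |
                 Where-Object { $before -notcontains $_.Name })
        if ($new.Count -ne 1) {
            throw "Expected one new key file, found $($new.Count); choose it by hand."
        }
        # Keys in this folder do not inherit permissions, so set the ACL
        # on the file itself.
        $path = $new[0].FullName
        $acl  = Get-Acl -LiteralPath $path
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
                    $ServiceAccount, 'Read', 'Allow')
        $acl.AddAccessRule($rule)
        Set-Acl -LiteralPath $path -AclObject $acl
        (Get-Acl -LiteralPath $path).Access |
            Format-Table IdentityReference, FileSystemRights, AccessControlType
    }
    'CheckLog' {
        # Event 1220: the instance could not obtain a certificate.
        $hits = @(Get-WinEvent -FilterHashtable @{ LogName = $LogName; Id = 1220 } `
                      -MaxEvents 5 -ErrorAction SilentlyContinue)
        if ($hits.Count -eq 0) { 'No Event 1220 entries found.' }
        else { $hits | Format-List TimeCreated, Id, Message }
    }
}
```

The `Grant` step stops if more than one new key file appeared since the snapshot, so that READ is never granted on a key that does not belong to the ADAM certificate.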

