Re: [ActiveDir] Problem using Certificates to connect to AD machine

[Mayuresh Kshirsagar]

One more thing I noticed here is that it is using the cert which was installed long while ago. But after that, the CA was installed/uninstalled several times, and new certificates were issued. but still it is using the same cert? ----- Original Message ----- From: Mayuresh Kshirsagar To: ActiveDir@mail.activedir.org Sent: Tuesday, March 01, 2005 1:44 AM Subject: Re: [ActiveDir] Problem using Certificates to connect to AD machine I also see that The certificate that I see from right clicking the CA is as attached. But when I check using a utility from my machine, I see the following information:   Subject name: CN=kaling.meta.test Issuer name : C=IN, L=Pune, O=PSPL, OU=support, CN=meta-test Valid from (dd/mm/yyyy): 25/03/2004 Valid to   (dd/mm/yyyy): 25/03/2006   Which is not matching.   How can I correct this? ----- Original Message ----- From: Mayuresh Kshirsagar To: ActiveDir@mail.activedir.org Sent: Tuesday, March 01, 2005 1:30 AM Subject: Re: [ActiveDir] Problem using Certificates to connect to AD machine I generated this certificate from the CA and it says, it doesn't have enough information to verify this certificate!   I generated a new certificate from "Personal->certificate" from Certificate snap-in. Then copied this certificate onto my machine and installed it here under the "Trusted Root Certification Authorities" store. But am still not able to connect.   :-( ----- Original Message ----- From: Mayuresh Kshirsagar To: ActiveDir@mail.activedir.org Sent: Monday, February 28, 2005 11:33 PM Subject: Re: [ActiveDir] Problem using Certificates to connect to AD machine This is the error number I am able to see.....   session=3741BE8 cannot negotiate SSL security error 8048   can you speculate what this means? ----- Original Message ----- From: Steve Patrick To: ActiveDir@mail.activedir.org Sent: Monday, February 28, 2005 9:03 PM Subject: Re: [ActiveDir] Problem using Certificates to connect to AD machine If you installed the CA on the PDC then did you install it as an Enterprise CA? If this is a production environment you should really understand the PKI needs for your company currently, and any future plans. In a nutshell you need a Domain Controller cert or Server Auth cert on the DC with the FQDN of the DC in the Subject field. Your clients need to be able to resolve the FQDN and be able to reach the CDP locations you specified when setting up the CA (defaults are LDAP and HTTP paths to the CA itself) Clients also need to have the Root CA cert in the Trusted Roots store  so the cert chains up correctly.   good luck!   steve     ----- Original Message ----- From: joe To: ActiveDir@mail.activedir.org Sent: Monday, February 28, 2005 5:58 AM Subject: RE: [ActiveDir] Problem using Certificates to connect to AD machine Slow down. This isn't the instant email AD support hotline. You sent the message when most of the people are offline that tend to respond to things. If you see it goes a couple of days without a response, then it is probably good to ping the list asking if anyone has seen it.   In the meanwhile, have you referred to the MS websites on certs? Read the white papers and related docs? You were unaware of the cert requirement for an LDAP update at all until I responded Saturday with a fairly well known KB article that you could have found through google.   Unless you are doing this from a non-windows machine, also consider alternative mechanisms for changing passwords that don't require the cert and ssl connection as well.    joe   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mayuresh Kshirsagar Sent: Monday, February 28, 2005 8:34 AM To: Siddharth Sawkar Cc: activeDir@mail.activedir.org Subject: Re: [ActiveDir] Problem using Certificates to connect to AD machine any views?   ----- Original Message ----- From: Mayuresh Kshirsagar To: Siddharth Sawkar Cc: activeDir@mail.activedir.org Sent: Monday, February 28, 2005 2:06 PM Subject: Re: [ActiveDir] Problem using Certificates to connect to AD machine Hi,   I tried to generate a certificate using the w2k CA, but smehow, I am not able to correctly generate one. The s/w (CP MDS server) is not able to connect to the server using this certificate.   The name of the PDC is "kaling" in the domain "meta.test". But this machine is accessible from outside (eg. from my machine) as "kaling.persistent.co.in".   Any thing I must take care while generating the certificate?   Regards, Mayuresh. ----- Original Message ----- From: Mayuresh Kshirsagar To: activeDir@mail.activedir.org Sent: Monday, February 28, 2005 1:51 PM Subject: [ActiveDir] Problem using Certificates to connect to AD machine Hi,   I have installed a CA on my PDC. and now I want to connect to this PDC from a different machine to change the "unicodePwd" attribute. I created a certificate and exported it and installed it on the connecting machine, but dont seem to be able to connect.   Can you tell me how do I issue, and which certificate should I issue to be able to connect to the PDC machine?   Thanks.   Mayuresh Kshirsagar Persistent Systems Pvt. Ltd., 402E, Bhageerath, Senapati Bapat Road. Pune - 16. Phone: 020-25602983 ________________________________________________________________________________ Persistent Systems is the Gold Sponsor of SOFTWARE 2005 April 26th-27th, Santa Clara, CA ________________________________________________________________________________