Saturday, April 25, 2015

Configuring Active Directory Lightweight Directory Services (ADLDS) with SSL

I was recently attempting to set up an instance of ADLDS with SSL using a self-signed certificate when I got this error message in my Windows System event log:

The SSL server credential's certificate does not have a private key information property attached to it. This most often occurs when a certificate is backed up incorrectly and then later restored. This message can also indicate a certificate enrollment failure.

I attempted to follow this article on how to set up LDAP over SSL: 

I even took a look at this article to see if it would provide additional insight:

Of course, this article looked the most comprehensive in terms of guidance:

However, none of these articles got me any further than I was before!

As it turned out, my ADLDS instance was using the non-standard port 5001, so I went looking and found this article about the required ports for ADLDS with SSL:

Based on the above MSDN article, I could only use SSL with ADLDS on port 636!!  No other port would work!!

Well, I decided to reinstall my ADLDS instance to use the standard ports, 389 and 636, and once again re-applied my SSL certificate.

As you can probably already guess, this resolved my problem!! I was using a port number that did not support SSL (LDAPS) all along!!
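The two things that went wrong above are both checkable from the console: whether the certificate in the machine store actually carries a private key (the condition the Schannel event describes), and whether port 636 completes a TLS handshake. The script below is an added diagnostic, not code from the original post; the host name and thumbprint are placeholders to replace with your own.

```powershell
# Added diagnostic (not from the original post). The host name and thumbprint
# are placeholders; replace both with your own values before running.
param(
    [string]$LdapHost   = 'adlds01.example.local',    # placeholder host name
    [int]$Port          = 636,                         # the LDAPS port that worked in the post
    [string]$Thumbprint = '<THUMBPRINT-OF-YOUR-CERT>'  # placeholder thumbprint
)

# 1. Check the condition the event log complained about: is a private key attached?
$cert = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) {
    Write-Warning "No certificate with thumbprint $Thumbprint found in LocalMachine\My"
} elseif (-not $cert.HasPrivateKey) {
    Write-Warning "Certificate '$($cert.Subject)' has no private key attached; Schannel cannot use it"
} else {
    Write-Host "Certificate '$($cert.Subject)' has a private key (valid until $($cert.NotAfter))"
}

# 2. Check that the LDAPS port is listening and completes a TLS handshake.
$client = New-Object System.Net.Sockets.TcpClient
try {
    $client.Connect($LdapHost, $Port)

    # The callback records chain-validation errors instead of aborting, so a
    # self-signed certificate can still be inspected; the result is printed below.
    $script:sslErrors = 'None'
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($sender, $certificate, $chain, $errors)
        $script:sslErrors = $errors
        return $true
    }

    $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
    $ssl.AuthenticateAsClient($LdapHost)
    Write-Host "TLS handshake on port $Port succeeded: $($ssl.SslProtocol), server certificate = $($ssl.RemoteCertificate.Subject)"
    Write-Host "Chain validation result: $script:sslErrors (RemoteCertificateChainErrors is expected for a self-signed certificate)"
} catch {
    Write-Warning "LDAPS on ${LdapHost}:$Port failed: $($_.Exception.Message)"
} finally {
    $client.Close()
}
```

If step 1 passes but step 2 fails with a connection refused or reset, the instance is not offering LDAPS on that port, which is the symptom the port change above fixed.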
