We have a Read Only Domain Controller which sits in our DMZ; the server is Windows 2008 R2 Core, so I have no access to mmc. This is working fine and AD replication is OK, with the correct firewall ports opened following the Microsoft documentation on this. The problem I have is that this RODC will be accessed via an LDAP lookup by a third party on the internet, and therefore I'm installing an SSL cert to make the lookup an LDAPS lookup. I'm having trouble installing the SSL cert though. I have followed the following Microsoft document click here but I'm stuck at point 5; when I run the command on the server in the DMZ I get the following error:
A certificate chain could not be built to a trusted root authority. 0x800b010a(-2146762486)
The SSL cert is from GoDaddy, and the server has no ports open to the internet yet. When the command is run I'm assuming that it is trying to connect to a cert authority. But is it trying an internal one on my LAN or out to the internet? If it's the internet, what ports do I need to open to allow it to connect? If it's internal, what do I need to do?
Thanks
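One way to separate "missing intermediate/root in the local store" from "blocked network access" on a Server Core box is to build the chain for the issued certificate with .NET's X509Chain and print where it stops. The script below is an added example, not part of the original post or the Microsoft document; it assumes PowerShell is available on the Core server and that the GoDaddy-issued certificate was saved to the hypothetical path C:\certs\ldaps.cer.

```powershell
# Added example: offline-leaning chain check for a leaf certificate on the local machine.
# Assumes the issued cert was saved as C:\certs\ldaps.cer (hypothetical path).
$leafPath = 'C:\certs\ldaps.cer'
$leaf = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $leafPath

$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
# NoCheck skips CRL/OCSP lookups, so revocation never needs the network.
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$chain.ChainPolicy.VerificationFlags = [System.Security.Cryptography.X509Certificates.X509VerificationFlags]::NoFlag
# Windows may still try to fetch a missing intermediate from the cert's AIA URL; a short
# timeout keeps that from hanging on a host with no outbound access.
$chain.ChainPolicy.UrlRetrievalTimeout = New-TimeSpan -Seconds 2

$ok = $chain.Build($leaf)
"Chain builds to a trusted root using the local store: $ok"

# Walk the chain from the leaf upward and show each element's status.
foreach ($el in $chain.ChainElements) {
    "  " + $el.Certificate.Subject
    foreach ($s in $el.ChainElementStatus) {
        "      " + $s.Status + ": " + $s.StatusInformation.Trim()
    }
}

if (-not $ok) {
    # The last element is the highest certificate the machine could find; the
    # certificate named in its Issuer field is what is missing from the local store.
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    "Highest cert found: " + $top.Subject
    "Missing issuer (import this next): " + $top.Issuer
    "Intermediates go in the CA store:   certutil -addstore CA <intermediate.crt>"
    "Roots go in the Root store:         certutil -addstore Root <root.crt>"
}
```

If the output shows the chain stopping at the GoDaddy intermediate (or at the leaf itself) with a status such as PartialChain or UntrustedRoot, the 0x800b010a error is a local-store problem: the CA's intermediate and root certificates have to be present in the machine's CA and Root stores before certreq can accept the issued certificate, and no firewall port needs opening for that step. Once the chain builds, the same script reports every element with an empty status list.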