We have VeriSign certificates on our domain controllers so that people can make LDAPS (secure LDAP) connections on port 636. These certificates are located in the Certificates (Local Computer) -> Personal -> Certificates folder on each domain controller. I can use LDP and create a connection on port 636 and it retrieves the RootDSE information as it should, so it appears that things are working as they should.
However, we have one application that needs to find a certificate presented on port 636 in order to use LDAPS connections. The certificates that this application are finding are the intermediary VeriSign certificates that signed the actual server certificate sitting in the Certificates (Local Computer) -> Personal -> Certificates folder. (Example: CertX was signed by VeriSignA. CertX is in the Certificates (Local Computer) -> Personal -> Certificates folder. The application is retrieving the VeriSignA certificate when searching for certificates on port 636.)
I'm pretty sure that this is an application issue, but want to ensure that it's not a certificate problem. My question is: is there a way to see what certificate is being used to allow port 636 SSL traffic?