Hello All,
I have an AD setup as detailed below:
Parent domain - parent.com
Child domain - child.parent.com
Machine part of parent.com - machine1.parent.com
Using ldp.exe, I can connect to port 389 (non SSL mode) from machine1.parent.com. No issues here.
But when I try to connect with SSL on port 636 from ldp.exe I get the error "Cannot open connection". In Event Viewer, under the System log, I see:
"The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The SSL connection request has failed. The attached data contains the server certificate."
This is logged on 'machine1.parent.com' machine.
To enable SSL I followed the steps below:
I followed these steps on the DC machine (parent.com):
- Installed the "Active Directory Certificate Services" role on the parent.com DC. This role includes the following services:
  - Certification Authority
  - Certification Authority Web Enrollment
  - Online Responder
  - Certificate Enrollment Policy Web Service
- CA type is 'Enterprise Root CA'.
- I added the CN as the FQDN of the domain name.
- Selected all default values in the setup wizard.
- In Group Policy Management (gpmc.msc), I completed the 'Automatic Certificate Request Wizard' as below:
  - Under Domains (parent.com), right-click 'Default Domain Policy'. (This opens a new window.)
  - Computer Configuration --> Policies --> Windows Settings --> Security Settings --> Public Key Policies --> Automatic Certificate Request Wizard. Created a Domain Controller template.
- Added the root CA (C:\Windows\System32\Certsrv\CertEnroll\<parentDCMachineName.Parent.com-CA.crt>) to 'Trusted Root Certification Authorities' as below:
  - Start --> Run --> mmc
  - File --> Add/Remove Snap-in --> Certificates --> Computer Account --> Local
  - Expand 'Certificates (Local Computer)'
  - Right-click 'Trusted Root Certification Authorities', All Tasks --> Import
  - Import C:\Windows\System32\Certsrv\CertEnroll\<parentDCMachineName.Parent.com-CA.crt>
  - Complete the wizard
I verified the following on the client machine (machine1.parent.com):
- Added the root CA created on the DC to 'Trusted Root Certification Authorities' of this machine.
Have I missed anything? Please help.
/M
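The event log entry says the client rejected the chain, but not which certificate the DC actually presented or which CA issued it. The following PowerShell diagnostic is an added example (not part of the original post): run from the client (the machine1.parent.com role here), it completes a TLS handshake to port 636, prints the presented certificate, the chain errors Windows computed, and whether the issuer exists in the local machine's Trusted Root store. The `$Server` value is a placeholder to replace with the DC's FQDN.

```powershell
param(
    [string]$Server = 'dc.parent.com',   # placeholder: replace with the DC's real FQDN
    [int]$Port = 636
)

$script:ServerCert  = $null
$script:ChainStatus = @()

# Capture whatever the server presents, even when validation fails, so the
# actual failure reason is visible instead of ldp.exe's "Cannot open connection".
$callback = {
    param($sender, $cert, $chain, $errors)
    $script:ServerCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cert
    if ($chain) {
        $script:ChainStatus = @($chain.ChainStatus | ForEach-Object { "$($_.Status): $($_.StatusInformation.Trim())" })
    }
    return $true   # diagnostic only: accept so the handshake finishes and the cert can be inspected
}

$tcp = New-Object System.Net.Sockets.TcpClient($Server, $Port)
$ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
try {
    $ssl.AuthenticateAsClient($Server)
} finally {
    $ssl.Dispose(); $tcp.Dispose()
}

$c = $script:ServerCert
"Subject : $($c.Subject)"
"Issuer  : $($c.Issuer)"
"Valid   : $($c.NotBefore) -> $($c.NotAfter)"
$san = $c.Extensions | Where-Object { $_.Oid.FriendlyName -eq 'Subject Alternative Name' }
"SANs    : " + ($san | ForEach-Object { $_.Format($false) })
"Chain   : " + $(if ($script:ChainStatus) { $script:ChainStatus -join '; ' } else { 'no errors' })

# The event log text ("issued by an untrusted certificate authority") means the issuer
# below is not in LocalMachine\Root on this client, or the DC picked a certificate from
# a different CA than the one whose .crt was imported. Subject/Issuer DN string equality
# is an approximation; compare thumbprints against the CertEnroll .crt if in doubt.
$root = Get-ChildItem Cert:\LocalMachine\Root | Where-Object { $_.Subject -eq $c.Issuer }
if ($root) {
    "Issuer found in LocalMachine\Root, thumbprint $($root.Thumbprint)"
} else {
    "Issuer NOT in LocalMachine\Root; check it against the CA .crt exported from CertEnroll"
}
```

Running the same script on the DC itself (against its own FQDN) shows whether the DC holds a usable certificate in its Personal store at all, which is a separate prerequisite from the client trusting the root.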