SSL/TLS LDAP Query --> Error initialising SSL/TLS

Discussion in 'Windows Server' started by Björn Urbanek, May 8, 2007.

  1. Hello together,

    I have the following problem:

    I use an Win2003 Srv with SFU 3.5 for user authentication on a linux server.
    We want to encrypt the LDAP-traffic with SSL/TLS certificates.
    We have an own CA (third party server, self signed).
    I have created certifcates for the windows machine and for ht linux
    machine. In "My Cerificates" in Windows the cerificate appears an I have
    set the root cerificate as trusted certificate.

    The linux machine also use the cerificate.

    But when I try an encrypted query, it always apperas the following error:


    Ereignistyp: Informationen
    Ereignisquelle: NTDS LDAP
    Ereigniskategorie: LDAP-Schnittstelle
    Ereigniskennung: 1535
    Datum: 08.05.2007
    Zeit: 10:13:04
    Benutzer: NT-AUTORITÄT\ANONYMOUS-ANMELDUNG
    Computer: GSXWIN2003ADS2
    Beschreibung:
    Internes Ereignis: Der LDAP-Server hat einen Fehler zurückgegeben:

    Zusätzliche Daten
    Fehlerwert:
    00000000: LdapErr: DSID-0C090CF0, comment: Error initializing SSL/TLS,
    data 0, vece


    In the very first try I have set up the win server as CA and I have use
    the certificate from the windows server and everything was fine, but
    with the third party CA it doesn't work.


    Further information ar not available.

    Has anybody an idea whats going wrong?

    Thanks a lot!
     
    Björn Urbanek, May 8, 2007
    #1
    1. Advertisements

  2. Hello together,
    Your certificate must contain some fields with pre-defined values, in
    other case windows DC will unable use it as LDAPs certificate.

    You can read about this here: http://support.microsoft.com/kb/321051
     
    Nick Domukhovsky, May 10, 2007
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.