Ldap – How to determine if strong key protection is enabled for a certificate private key in Server 2008 R2

Tags: certificate, ldap, windows-server-2008-r2

I'm trying to get a Windows Server 2008 R2 domain controller to use SSL with LDAP. I have a certificate installed, but I'm unable to connect on port 636 via ldp.exe (port 389 works just fine). I verified that the port is open on the firewall, and now I'm working through the certificate requirements on this MS Knowledge Base article.

I checked most of the requirements already, but I'm stuck on verifying this:

The private key must not have strong private key protection enabled.

How can I verify this for a previously installed certificate? The certificate was issued by DigiCert.

Best Answer

I don't have a test system at the moment but a Google search produced this article.

Windows PKI Blog - What is a strong key protection in Windows?

Near the bottom it states:

So how can you find out if a key associated with some certificate has strong key protection enabled? One way would be to use certutil.exe -store command that performs a key operation on each certificate it enumerates. If the key has high protection set, the UI will be displayed.
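As an added example (not part of the question or the answer above), the following PowerShell script reproduces the certutil -store check non-interactively: it opens each private key in LocalMachine\My with the silent flag that services such as the DC's Schannel use, so a key that would need the strong-protection prompt fails with a silent-context error instead of showing the dialog. It assumes an elevated PowerShell on the domain controller and CAPI (CSP) keys; the function name Test-SilentKeyUse is my own.

```powershell
# Added example, not from the original post. Mimics what a non-interactive
# service does with a certificate's private key: acquire the key container
# with CRYPT_SILENT (CspProviderFlags.NoPrompt) and attempt a throw-away
# signature. A key with strong private key protection cannot prompt here and
# the call fails (typically NTE_SILENT_CONTEXT), which is exactly why LDAPS
# on port 636 cannot use such a key while port 389 still works.
# Assumption: CAPI keys. CNG keys expose no CspKeyContainerInfo and are
# reported as 'NotCapiOrNoKey' rather than tested.

function Test-SilentKeyUse {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    $csp = $Cert.PrivateKey   # $null for CNG keys on .NET 4.x
    if ($null -eq $csp -or -not ($csp -is [System.Security.Cryptography.RSACryptoServiceProvider])) {
        return 'NotCapiOrNoKey'
    }
    $info = $csp.CspKeyContainerInfo

    # Re-open the same container, but silently, as a service would.
    $params = New-Object System.Security.Cryptography.CspParameters(
        $info.ProviderType, $info.ProviderName, $info.KeyContainerName)
    $params.KeyNumber = [int]$info.KeyNumber
    $flags = [System.Security.Cryptography.CspProviderFlags]::UseExistingKey -bor
             [System.Security.Cryptography.CspProviderFlags]::NoPrompt
    if ($info.MachineKeyStore) {
        $flags = $flags -bor [System.Security.Cryptography.CspProviderFlags]::UseMachineKeyStore
    }
    $params.Flags = $flags

    try {
        $rsa = New-Object System.Security.Cryptography.RSACryptoServiceProvider($params)
        # Constructed probe input; the signature is discarded. SHA1 is used only
        # because legacy CSPs on 2008 R2 may reject SHA-256 for this probe.
        $probe = [System.Text.Encoding]::ASCII.GetBytes('ldaps key probe')
        [void]$rsa.SignData($probe, 'SHA1')
        return 'OK'
    } catch {
        # Strong key protection surfaces here as a silent-context failure.
        return 'FAIL: ' + $_.Exception.GetBaseException().Message
    }
}

# List every certificate with a private key in the machine store and whether
# a silent (service-style) key operation succeeds.
Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.HasPrivateKey } |
    Select-Object Thumbprint, Subject, @{ n = 'SilentUse'; e = { Test-SilentKeyUse $_ } } |
    Format-Table -AutoSize
```

A 'FAIL' row for the DC's server-authentication certificate means the key cannot be used without a prompt, which matches the KB requirement the question is stuck on; 'OK' rules that requirement out and the LDAPS problem lies elsewhere.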