SSL – Active Directory SSL Certificate Private Key Not Attached

Tags: active-directory, ssl

I am attempting to use an SSL certificate to secure LDAPS on our Active Directory, following the instructions found on Microsoft website at http://support.microsoft.com/kb/321051

I am logged on as Domain Admin on the machine where the certificate is to be stored.
I create the request and submit to our CA.
They then return the certificate.
I then import the certificate into the Active Directory Domain Services NTDS\Personal Store.
The certificate imports and is visible.
However, it is not possible to connect to LDAPS over SSL.
Investigations show that the private key has not been associated with the certificate at import.

The Domain Controller has been restarted and this caused the following error to appear in the System Log.
Event 36869 Schannel
The SSL server credential's certificate does not have a private key information property attached to it. This most often occurs when a certificate is backed up incorrectly and then later restored. This message can also indicate a certificate enrollment failure.

Clearly since this is a new key there is no backup problem.

Does anyone have any idea what I can do to get the private key to associate with the certificate? I have been right through the process twice, revoking the original certificate. I am always logged on as a domain admin.

Many thanks.

Best Answer

The certificate that's returned must be used to complete the certificate request, not just imported into the store.

See step 5 in that KB:

certreq -accept certnew.cer

This should automatically place the certificate in the store; it does not need a manual import.

Additionally, it should be in the computer's personal store, not the service's store.
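As an added check (not part of the answer above), the following PowerShell script verifies on the domain controller that a Server Authentication certificate for the DC's FQDN sits in the computer's Personal store with its private key attached, lists any request still pending in the enrollment store, and shows recent Schannel 36869 events. It assumes PowerShell 3.0 or later and that the certificate subject or SAN contains the DC's FQDN.

```powershell
# Added example, not from the original answer. Run elevated on the DC.
$dcFqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

# certreq -accept completes the request into the computer's Personal store
# (Cert:\LocalMachine\My), not into the NTDS\Personal store.
$candidates = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    # 1.3.6.1.5.5.7.3.1 = Server Authentication EKU (required by Schannel for LDAPS)
    $_.EnhancedKeyUsageList.ObjectId -contains '1.3.6.1.5.5.7.3.1' -and
    ($_.Subject -like "*CN=$dcFqdn*" -or $_.DnsNameList.Unicode -contains $dcFqdn)
}

if (-not $candidates) {
    Write-Warning "No Server Authentication certificate for $dcFqdn in LocalMachine\My."
    # A request created with certreq -new waits here, holding the private key,
    # until the issued .cer is completed with: certreq -accept certnew.cer
    $pending = Get-ChildItem Cert:\LocalMachine\REQUEST
    if ($pending) {
        Write-Warning "Pending request(s) found in LocalMachine\REQUEST (never completed):"
        $pending | Format-Table Subject, NotAfter, Thumbprint -AutoSize
    }
} else {
    foreach ($cert in $candidates) {
        # HasPrivateKey is exactly what Schannel checks; $false produces event 36869.
        $status = if ($cert.HasPrivateKey) { 'OK: private key attached' }
                  else { 'PROBLEM: no private key attached' }
        '{0}  {1}  expires {2:yyyy-MM-dd}  {3}' -f $cert.Thumbprint, $cert.Subject, $cert.NotAfter, $status
    }
}

# Recent Schannel 36869 events confirm whether the DC is still hitting the problem.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Schannel'; Id = 36869 } `
    -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message

# Finally confirm that the LDAPS port answers at all.
Test-NetConnection -ComputerName $dcFqdn -Port 636 |
    Select-Object ComputerName, RemotePort, TcpTestSucceeded
```

If the certificate lists "no private key attached" but a matching request is pending in LocalMachine\REQUEST, completing it with certreq -accept (rather than importing the .cer) is what joins the issued certificate to the key that was generated with the request.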