Ssl – Change which SSL Certificate Active Directory presents

active-directory, ssl

We are accessing Active Directory through LDAP over SSL through Java on Windows Server 2003.

We have the properly authenticated certificate installed however another certificate has appeared on the machine from another service automatically.

We have removed the second certificate once and a new one was created.

The problem is, when we try to access AD through SSL the server presents the second certificate first rather than the certificate that we want. Is there a way to specify which certificate that AD uses?

I'm aware of the following from the Microsoft site but do not know how to get around it:

Multiple SSL certificates
Schannel, the Microsoft SSL provider, selects the first valid certificate that it finds in the local computer store. If there are multiple valid certificates available in the local computer store, Schannel may not select the correct certificate.

Best Answer

What OS version is this? I assume you are talking about LDAP over SSL when you say "accessing AD over SSL through Java".

If you have 2k8 or above, you can put the LDAP certificate in the NTDS\MY store and it will ensure that LDAP picks that one versus certificates that match the machine in the LocalMachine\MY store.

Take a look at http://technet.microsoft.com/en-us/library/dd941846%28WS.10%29.aspx if you need details.
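The following PowerShell script is an added example and is not part of the question or the answer above. It performs the check a practitioner wants before and after moving a certificate: it completes a TLS handshake against port 636 to see which certificate Schannel actually presents, compares the thumbprint with the certificate you intended, and, on a mismatch, lists the other server-authentication certificates in LocalMachine\My that Schannel could have picked. The `$DomainController` and `$ExpectedThumbprint` values are placeholders to fill in; the `certutil -service -store "NTDS\MY"` call used to inspect the NTDS service store mentioned in the answer is an assumed invocation (the store name comes from the answer). The script only reads; it changes nothing.

```powershell
# Added example (not part of the original question or answer).
# Shows which certificate a domain controller presents on the LDAPS port and
# whether it is the one you intended. Run from any machine that can reach the DC.

function Get-LdapsPresentedCertificate {
    param(
        [Parameter(Mandatory)] [string] $Server,
        [int] $Port = 636
    )
    # Open a raw TCP connection and complete only the TLS handshake (no LDAP bind).
    # The validation callback accepts any certificate on purpose: the point is to
    # inspect what Schannel chose, not to trust it.
    $tcp = New-Object System.Net.Sockets.TcpClient($Server, $Port)
    try {
        $accept = [System.Net.Security.RemoteCertificateValidationCallback] {
            param($sender, $cert, $chain, $errors) return $true
        }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $accept)
        $ssl.AuthenticateAsClient($Server)
        return New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally {
        $tcp.Close()
    }
}

function Get-LocalMachineServerAuthCertificates {
    # Every certificate here with a private key and the Server Authentication EKU
    # (OID 1.3.6.1.5.5.7.3.1) is a candidate Schannel may select for LDAPS.
    Get-ChildItem Cert:\LocalMachine\My |
        Where-Object {
            $_.HasPrivateKey -and
            (($_.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId }) -contains '1.3.6.1.5.5.7.3.1')
        } |
        Select-Object Thumbprint, Subject, Issuer, NotAfter
}

# Placeholders: replace with your DC's FQDN and the thumbprint of the intended certificate.
$DomainController   = 'dc01.example.com'
$ExpectedThumbprint = 'PUT-EXPECTED-THUMBPRINT-HERE'

$presented = Get-LdapsPresentedCertificate -Server $DomainController
"Presented on ${DomainController}:636 -> $($presented.Thumbprint) $($presented.Subject) (expires $($presented.NotAfter))"

if ($presented.Thumbprint -ne $ExpectedThumbprint) {
    Write-Warning 'Schannel is presenting a different certificate than the one intended.'
    'Server-authentication certificates in LocalMachine\My that Schannel could pick:'
    Get-LocalMachineServerAuthCertificates | Format-Table -AutoSize

    # On Windows Server 2008 and later, the answer's fix is to put the intended
    # certificate in the NTDS service store so LDAP prefers it over LocalMachine\My.
    # Assumed certutil syntax for listing that service store:
    certutil -service -store "NTDS\MY"
} else {
    'The intended certificate is being presented.'
}
```

Re-run the script after placing the certificate in NTDS\MY (or after removing the unwanted one); the presented thumbprint should then match. Because the handshake is done with a raw `SslStream`, the result reflects what any LDAPS client, the Java application included, will receive, independent of Java's own truststore settings.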