I have a domain controller, which has Active Directory (AD). I want to turn on LDAPS on this AD, so that I could access the AD via secure connection. I have followed the following guide: http://social.technet.microsoft.com/wiki/contents/articles/2980.ldap-over-ssl-ldaps-certificate.aspx
I have done everything in "Publishing a Certificate that Supports Server Authentication" and "Exporting the LDAPS Certificate and Importing for use with AD DS". When I try to netstat, I can see that port 636 is open, but its IP address is 0.0.0.0, which supposedly means that it cannot be accessed from outside. The plain LDAP does work and I can both connect to it and see it in netstat as open both for 0.0.0.0 and my domain controller's IP address, but I cannot access the domain controller via LDAPS.
What is the problem? Have I missed some step in this guide? What do I need to do extra? I have tested LDAP and LDAPS connection with Active Directory Administration Tool.
This is the output I get from LDP.EXE:
ld = ldap_sslinit("10.165.0.10", 636, 1);
Error 81 = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION, 3);
Error 81 = ldap_connect(hLdap, NULL);
Server error: <empty>
Error <0x51>: Fail to connect to 10.165.0.10.
Best Answer
The problem was that I used the IP address when trying to connect, while the certificate was issued for a DNS name. Now it works.