SSL – LDAP SSL connect problem

Tags: ldap, ssl, windows-server-2008-r2

I set up a test domain for my LDAP SSL tests and it is not working. I am using Windows Server 2008 R2 SP1.

I got this far:
1. I generated and installed my self-signed certificate on the test domain controller.
2. On the server I can log into LDAP over SSL with the MS ldp.exe tool.
3. Using ldp.exe on a client that is not in this domain, the login fails with error 0x51 = "failed to connect". (I don't have a client computer that is in this domain right now.)
4. I tested the certificate by using it in IIS on the test server and I can reach the default page of the test server over SSL (from the client that is not in the domain).
5. Analysing the traffic between client and server, I can see that the server is sending a certificate to the client.
5. analysing the traffic between client and server I can see that the server is sending a certificate to the client.

Why isn't this working on my client computer?

Best Answer

It seems to be very important that you install the same root CA on the client from which you try to connect to your server.

"You can also use this procedure to connect to the AD LDS instance over LDAPS from a client computer. In this scenario, the client must trust the server authentication certificate that is installed on the server that is running your AD LDS instance. You can achieve this trust by adding the root certificate from the same trusted CA that issued the AD LDS server authentication certificate to the Trusted Root Certification Authorities store on the client computer. "

Source: http://technet.microsoft.com/en-us/library/cc725767(WS.10).aspx

Regards, Andreas
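As an added example that is not part of the question or the answer above: a PowerShell script for the non-domain client that carries out the answer's fix and then checks it. It installs the DC's root certificate into the client's machine-wide Trusted Root Certification Authorities store, performs the TLS handshake to port 636 itself and reports the exact SslPolicyErrors value Windows computes (which ldp.exe hides behind 0x51), and finally does an LDAPS bind the same way ldp.exe does. The server name dc01.test.local, the export path C:\temp\testroot.cer and the function names are assumptions for illustration; the root certificate is assumed to have been exported from the DC beforehand. It must be run in an elevated PowerShell, and it deliberately uses the X509Store and System.DirectoryServices.Protocols .NET classes rather than the Import-Certificate cmdlet so it also works on Windows Server 2008 R2 / PowerShell 2.0.

```powershell
# Added example, not from the original post. Assumed names: DC dc01.test.local,
# root certificate exported to C:\temp\testroot.cer, LDAPS on the default port 636.
# Run in an elevated PowerShell on the client that is NOT a domain member.
param(
    [string]$Server      = 'dc01.test.local',
    [int]   $Port        = 636,
    [string]$RootCerPath = 'C:\temp\testroot.cer'
)

Add-Type -AssemblyName System.DirectoryServices.Protocols

# 1. Put the issuing root into LocalMachine\Root (Trusted Root Certification Authorities).
#    X509Store is used directly because Import-Certificate does not exist on 2008 R2.
function Install-RootCertificate([string]$Path) {
    $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $Path
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList 'Root', 'LocalMachine'
    $store.Open('ReadWrite')
    $store.Add($cert)          # a no-op if the same thumbprint is already in the store
    $store.Close()
    "Trusted root installed: $($cert.Subject) [$($cert.Thumbprint)]"
}

# 2. Do the TLS handshake ourselves and capture the validation verdict.
#    RemoteCertificateChainErrors  -> the client does not trust the issuing root (the answer's case)
#    RemoteCertificateNameMismatch -> the certificate was issued to a different name than $Server
#    None                          -> the client trusts the server certificate
$script:policyErrors = $null
function Test-LdapsHandshake([string]$Server, [int]$Port) {
    $script:policyErrors = $null
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($sender, $certificate, $chain, $sslPolicyErrors)
        $script:policyErrors = $sslPolicyErrors
        $true                  # accept so the certificate can be inspected; the verdict is reported below
    }
    $tcp    = New-Object System.Net.Sockets.TcpClient -ArgumentList $Server, $Port
    $stream = $tcp.GetStream()
    $ssl    = New-Object System.Net.Security.SslStream -ArgumentList $stream, $false, $callback
    try {
        $ssl.AuthenticateAsClient($Server)   # $Server must match the certificate's CN or SAN
        $remote = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $ssl.RemoteCertificate
        New-Object PSObject -Property @{
            Subject      = $remote.Subject
            Issuer       = $remote.Issuer
            NotAfter     = $remote.NotAfter
            PolicyErrors = $script:policyErrors
        }
    } finally {
        $ssl.Dispose()
        $tcp.Close()
    }
}

# 3. The same LDAPS bind ldp.exe performs. If the handshake fails, Bind() throws an
#    LdapException with ErrorCode 81 (0x51, LDAP_SERVER_DOWN) before any credentials are sent.
function Test-LdapsBind([string]$Server, [int]$Port) {
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier -ArgumentList $Server, $Port
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection -ArgumentList $id
    $conn.SessionOptions.SecureSocketLayer = $true
    $conn.SessionOptions.ProtocolVersion   = 3
    $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Anonymous
    try {
        $conn.Bind()
        "LDAPS bind to ${Server}:$Port succeeded"
    } catch {
        $e = $_.Exception
        while ($e.InnerException) { $e = $e.InnerException }   # unwrap the method-invocation wrapper
        "LDAPS bind failed: $($e.GetType().Name): $($e.Message)"
        if ($e -is [System.DirectoryServices.Protocols.LdapException]) {
            "  LDAP error code $($e.ErrorCode) (81 = server down, i.e. TLS failed)"
        }
    } finally {
        $conn.Dispose()
    }
}

Install-RootCertificate $RootCerPath
Test-LdapsHandshake $Server $Port
Test-LdapsBind $Server $Port
```

Run Test-LdapsHandshake once before installing the root and once after: the PolicyErrors field should go from RemoteCertificateChainErrors to None, and only then will Test-LdapsBind (and ldp.exe) succeed. If PolicyErrors still reports RemoteCertificateNameMismatch, the root is trusted but the name you connect with is not the one in the certificate, which is a separate problem that installing the root cannot fix.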