Discussion:
Check AD SSL Certificate?
(too old to reply)
ohaya
2009-07-23 19:51:25 UTC
Permalink
Hi,

We have an AD that we configured several years ago to allow LDAPS (SSL)
connections. I've been looking into a problem where someone is
reporting not being able to connect/bind to it on port 636, and I
suspect that the server cert may have expired.

Is there any way (tools, etc.) to check/display the certs (both the CA
and the server cert) that the AD is using for SSL?

Thanks,
Jim
Marcin
2009-07-25 11:17:13 UTC
Permalink
Search for the certificate that matches criteria outlined in the
http://support.microsoft.com/kb/321051
This can be done using Certificates snap-in (personal computer certificate
store on the DC) or certutili utility...

hth
Marcin
Post by ohaya
Hi,
We have an AD that we configured several years ago to allow LDAPS (SSL)
connections. I've been looking into a problem where someone is reporting
not being able to connect/bind to it on port 636, and I suspect that the
server cert may have expired.
Is there any way (tools, etc.) to check/display the certs (both the CA and
the server cert) that the AD is using for SSL?
Thanks,
Jim
ohaya
2009-07-25 17:27:07 UTC
Permalink
Marcin,

Thanks for the pointers. We'll give either the certificates snap-in or
certutil a try.

Jim
Post by Marcin
Search for the certificate that matches criteria outlined in the
http://support.microsoft.com/kb/321051
This can be done using Certificates snap-in (personal computer certificate
store on the DC) or certutili utility...
hth
Marcin
Post by ohaya
Hi,
We have an AD that we configured several years ago to allow LDAPS (SSL)
connections. I've been looking into a problem where someone is reporting
not being able to connect/bind to it on port 636, and I suspect that the
server cert may have expired.
Is there any way (tools, etc.) to check/display the certs (both the CA and
the server cert) that the AD is using for SSL?
Thanks,
Jim
Loading...