问题
i am trying to configure my AD LDS instance to run through SSL so that i can connect to it from another computer using my application and perform password change operations.
I installed the Certificate Authorities to create a Server certificate which i can use on my AD LDS instance. I added the certificate to the Personal Store of the AD LDS instance and gave read permission on the certificate for everyone (i couldn't find how to add only my AD LDS service name to it.)
When i try to connect to this instance in the ADSI edit using Configuration naming context and the SSL port 636 plus the use SSL-based Encription i got the error that the Server is not operational.
What am i missing? How can i check what went wrong?
回答1:
First, ensure the private key associated with the SSL certificate isn't missing. Second, when you install an SSL certificate into an AD LDS instance, you must select service account before adding certificate into the Personal store; otherwise if you added certificate to the Personal store of the actively logged-in user then AD LDS won't be able to use that. Based on your problem statement it sounds like one of these two problems, or both, have occurred. Here is an article to troubleshoot a missing private key: What are the steps to recover the private key of an SSL certificate. Only after running that article first verifying if the private key is in place (very important), then run through this article next, which outlines correct procedure to add a certificate to AD LDS: Configuring LDAP over SSL Requirements for AD LDS.
来源:https://stackoverflow.com/questions/40530328/ad-lds-through-ssl-on-windows-server-2012-r2