I updated my root CA to 2048 (from 1024) and followed the SSL procedures to use OpenSSL to convert from PKCS12 to PEM. I uploaded the new root certificate. to the GSA. I noticed an LDAP error stating port 636 was closed. I verified on the DC that 636 was active and listening. I attempted to setup the LDAP via 636 but it continues to state the port is closed. On the Windows 2008 Server the DC event logs state a schannel error "The SSL server credentials certificate does not have a private key information properly attached to it." This is a self signed root CA and the CA is on a Windows 2008 Domain controller
We recently patched the critical updates for 2008. Prior SSL1-3 were permitted and I had no issues with LDAP. Now TLS is required and the GSA acts as if the socket to 636 is closed.
It appears that I am not exporting the certificate correctly. Here is what I have: Windows 2008 R2 Domain Controller with CA role installed. I have two Root certificates name after the domain name. They are the trusted root folder.
I have exported as a PKCS12 with a pass phrase and I have exported as a x509.cer
I followed the help file instruction to use openssl to convert the formatting of the certificate.
openssl pkcs12 -in test1.pfx -out test1.pem
I then installed the test1,pem as the certificate and I used the same file for the passphrase.
Certificate loads fine LDAP still will not establish a connection with 636 and repeats the same schannel error as above.
Any help would be appreciated.
-Doug