2

We are accessing Active Directory through LDAP over SSL through Java on Windows Server 2003.

We have the properly authenticated certificate installed however another certificate has appeared on the machine from another service automatically.

We have removed the second certificate once and a new one was created.

The problem is, when we try to access AD through SSL the server presents the second certificate first rather than the certificate that we want. Is there a way to specify which certificate that AD uses?

I'm aware of the following from the Microsoft site but do not know how to get around it:

Multiple SSL certificates Schannel, the Microsoft SSL provider, selects the first valid certificate that it finds in the local computer store. If there are multiple valid certificates available in the local computer store, Schannel may not select the correct certificate.

Improve this question

1 Answer 1

Reset to default
1

What OS version is this? I assume you are talking about LDAP over SSL when you say "accessing AD over SSL through Java".

If you have 2k8 or above, you can put the LDAP certificate in the NTDS\MY store and it will ensure that LDAP picks that one versus certificates that match the machine in the LocalMachine\MY store.

Take a look at http://technet.microsoft.com/en-us/library/dd941846%28WS.10%29.aspx if you need details.

Improve this answer
1
  • Thanks. Yes, LDAP over SSL. We are on Windows 2003. Commented Jul 2, 2010 at 9:52

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.