Re: SSL bind to LDAP for password change



I'm not sure what the problem is with your PKI, but in regard to the subject of your post, you don't really need to use SSL with LDAP for AD password change. There are some situations that make that easier, but it is definitely not required. Was that the primary reason you were getting DC certs?

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
"apex52" <apex52@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:9A9FD26D-9491-4DBF-B272-BA7EDE8E42B4@xxxxxxxxxxxxxxxx
I am running Server 2008 ENT and have an Enterprise CA installed on a member
server. I am unable to create an SSL certificate using the DomainController
Template. I continually receive "Denied by Policy Module" messages in regard
to DNS and SAN. I am able to create the request.inf through the certificates
MMC under Personal\Certificates, however when I try to submit the request, I
receive the Denied Module message. I have tried it at the command line with
the same results. In the certserv page, Domain Controller does not show up
and anonymous has been disabled in IIS. The certificate template security has
Domain Controllers\Admins and Enterprise Admins\Domain Controllers with
read\enroll\autoenroll enabled.

I have also run the command which allows SAN in the cert. Is there a step by
step for 2008 somewhere and certificates? I am at a complete loss. Thanks.
