How to setup SChannel Security?
From: Robert Livermore (robl_at_mavpro.com)
Date: 08/05/03
Date: Tue, 5 Aug 2003 11:05:20 -0700
Thanks for the help in advance.
I am currently participating in the ADAM
(http://www.microsoft.com/windowsserver2003/adam/default.mspx)
beta test program. I am trying to set up the ADAM
service on XP sp1. In order to create an ADAM account,
the set and change password all must be done through SSL.
I am trying to set the ADAM LDAP Port to 389 and the SSL
port to 636 (default ports).
Therefore the test lab consists of:
Certificate Server
OS: Member Windows 2000 Server - Service Pack 4.
Certificate Services -standalone mode.
name Network Identification Tab Full computer name
ADAM Service
OS: Windows XP sp1
Hot Fix Q817583
Runs under the NETWORK SERVICE account.(NT
AUTHORITY\NetworkService)
Problem:
When I try to access the service through the SSL port
(636) I receive channel errors (listed in the error
reference below). ADAM indicates it cannot create SSL
connection. I have figured out how to install the CA
Certificate to make my Certificate Server a "trusted root
certificate authority"
Question 1:
How do you install on XP sp1 a "Server Authentication
Certificate" which uses the 'Microsoft RSA Schannel
Cryptographic Provider' with a key size of 512 bit key?
The certificate is also required to contain the "private
key information property"
Question 2:
Where are the XP OS manuals related to setup of
certificates?
Where are the Certificate Server manuals that explain
what all the options do on the advanced certificate
request? I am new to the technology and need a little
more background information. Looking for definitions for
terms like:"Certification Path"
Error References
Event Type: Information
Event Source: ADAM [faDirectory] LDAP
Event Category: LDAP Interface
Event ID: 1220
Date: 8/5/2003
Time: 9:34:29 AM
User: N/A
Computer: ADAMXP
Description:
LDAP over Secure Sockets Layer (SSL) will be unavailable
at this time because the server was unable to obtain a
certificate.
Additional Data
Error value:
8009030e No credentials are available in the security
package
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Schannel
Event Category: None
Event ID: 36869
Date: 8/5/2003
Time: 10:15:17 AM
User: N/A
Computer: ADAMXP
Description:
The SSL server credential's certificate does not have a
private key information property attached to it. This
most often occurs when a certificate is backed up
incorrectly and then later restored. This message can
also indicate a certificate enrollment failure.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Event Type: Warning
Event Source: Schannel
Event Category: None
Event ID: 36872
Date: 8/5/2003
Time: 10:15:17 AM
User: N/A
Computer: ADAMXP
Description:
No suitable default server credential exists on this
system. This will prevent server applications that expect
to make use of the system default credentials from
accepting SSL connections. An example of such an
application is the directory server. Applications that
manage their own credentials, such as the internet
information server, are not affected by this.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
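
Added example (not part of the original message): a Windows PowerShell check for the conditions that Schannel events 36869 and 36872 above describe, listing for each certificate whether a private key is attached and whether it is usable for Server Authentication. It assumes a system with Windows PowerShell 3.0 or later and that the service certificate sits in the computer's Personal store (Cert:\LocalMachine\My); the message does not say which store ADAM reads.

```powershell
# Added example: audit candidate Schannel server certificates.
# Assumption: the certificate is in the computer's Personal store.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$storePath     = 'Cert:\LocalMachine\My'
$ekuType       = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

Get-ChildItem -Path $storePath | ForEach-Object {
    $cert = $_

    # No EKU extension at all means the certificate is valid for every usage.
    $ekuExt = $cert.Extensions | Where-Object { $_ -is $ekuType }
    $serverAuth = if ($ekuExt) {
        [bool]($ekuExt.EnhancedKeyUsages | Where-Object { $_.Value -eq $serverAuthOid })
    } else { $true }

    # HasPrivateKey only reports that the key property is attached to the
    # certificate (the condition event 36869 complains about). It does not
    # prove that the service account can read the key container.
    $provider = $null
    if ($cert.HasPrivateKey) {
        try   { $provider = $cert.PrivateKey.CspKeyContainerInfo.ProviderName }
        catch { $provider = '(key present, not readable by this account)' }
        if (-not $provider) { $provider = '(not a CryptoAPI key, or not readable)' }
    }

    # Key size is read from the public key; non-RSA keys may not expose it.
    $keySize = $null
    try { $keySize = $cert.PublicKey.Key.KeySize } catch { }

    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey
        ServerAuthEku = $serverAuth
        KeySize       = $keySize
        Provider      = $provider
        # Usable as a default server credential only if all three hold.
        Candidate     = ($cert.HasPrivateKey -and $serverAuth -and $cert.NotAfter -gt (Get-Date))
    }
} | Format-List
```

Run it from an elevated prompt so the machine store's private keys are visible; a certificate that shows HasPrivateKey as False matches the situation reported by event 36869.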