How to Use the Certificate with the ADAM Service

To let the ADAM service use a certificate, you need to put the certificate into the personal store of the ADAM service.

  1. On the Windows Start menu, click Run and type mmc.
    This opens the Microsoft Management Console.
  2. Click File > Add/Remove snap-in.
  3. Click Add, and click Certificates.
  4. Click Service account.
  5. Click Local computer.
  6. Select the ADAM instance service.
  7. Add a new "Certificate" snap-in, but this time click My user account instead of Service account.
  8. Click Close and OK.
  9. Expand the "Personal" folder under the Certificates - Current user tree.
  10. Select the certificate and copy it into the same location under "Certificates - adam instance name".
  11. Give the ADAM service account read permissions to the key by doing one of the following:
    • Using winhttpcertcfg (best practice).
    • Browsing to:

      C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys.

    If these permissions are not set correctly you will get an error in the event log:
    Schannel ID: 36870 - "A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x6."
  12. Restart the ADAM instance.