[.NET] Using SSL with ADAM
How to obtain a server certificate on a Windows 2003 Server. If you already have a certificate, import it into your "Personal store" and skip to the second section on Using the certificate with the ADAM service.
To create a certificate you need to install IIS and Certificate Authority. For information on how to install IIS refer to the Microsoft website. To install a Certificate authority select the Certificate services check box.
Once the installation is complete, request a certificate using your browser (address: http://localhost/certsrv):
- Click Request a certificate.
- Click Advanced certificate request.
- Click Create and submit a request to this CA.
- In the Name box, type the full DNS name of the server.
- Make sure Type of certificate is "Server authentication certificate".
- Select PCKS10 as the format.
- Optional: Optionally, fill in the other information.
- In the Friendly name text box, write the full DNS name of the server.
- Click the Submit button.
You have now created a certificate request. To create a certificate we need to process the request:
- Open .
- Browse to the "Pending requests" folder.
- Locate the certificate request, right-click it, and click All tasks\issue.The certificate has now been created and resides in the "Issued certificates"-folder.
Next we need to download and install the certificate:
- Open http://localhost/certsrv.
- Click View the status of a pending certificate request.
- Click the certificate request.
- Click the certificate to install it.
- Using the certificate with the ADAM service
- To let our ADAM service use the certificate we need to put the certificate in the personal store for the ADAM service.
- On the Start menu, in Run, type mmc.This open the Microsoft Management Console.
- Click .
- Click Add and select Certificates.
- Select Service account.
- Select Local computer.
- Select your ADAM instance service.
- Add a new "Certificate" snap-in, but this time select "My user account" instead of "Service account".
- Click Close and OK.
- Open the "Personal"-folder under the "Certificates - Current user"-tree.
- Select the certificate and copy it into the same location under "Certificates - adam instance name".
- Give the ADAM service account read permissions to the key using winhttpcertcfg (best practice) or by browsing to
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys.If these permissions are not set correctly you will get an error in the event log: Schannel ID: 36870 - "A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x6.
- Restart your ADAM instance.
- Verifying that SSL is working
- The remaining steps verify that SSL is working with ADAM.
- Run the ADAM Tools Command Prompt from your ADAM program group.
- Type "ldp" and press Enter.
- Click .
- Type the DNS name of your server in the server text box.localhost will not work as the DNS name is checked against the certificate
- Enter the SSL port of your ADAM installation (636 or 50001 or whatever you chose during the installation of ADAM).
- Select the SSL check box and click OK.