[.NET] Using SSL with ADAM
Obtaining a certificate
This section describes how to obtain a server certificate on a Windows 2003 Server. If you already have a certificate, import it into your "Personal" store and skip to the second section, Using the certificate with the ADAM service.
To create a certificate you need to install IIS and a Certificate Authority. For information on how to install IIS, refer to the Microsoft website. To install a Certificate Authority, select the Certificate Services check box.
Once the installation is complete, request a certificate using your browser (address: http://localhost/certsrv):
- Click Request a certificate.
- Click Advanced certificate request.
- Click Create and submit a request to this CA.
- In the Name box, type the full DNS name of the server.
- Make sure Type of certificate is "Server authentication certificate".
- Select PKCS10 as the format.
- Optionally, fill in the other information.
- In the Friendly name text box, write the full DNS name of the server.
- Click the Submit button.
You have now created a certificate request. To create a certificate we need to process the request:
- Open .
- Browse to the Pending requests folder.
- Locate the certificate request, right-click it, and click All tasks\Issue.
The certificate has now been created and resides in the Issued certificates folder.
Download and install the certificate:
- Open http://localhost/certsrv.
- Click View the status of a pending certificate request.
- Click the certificate request.
- Click the certificate to install it.
Using the certificate with the ADAM service
To let our ADAM service use the certificate we need to put the certificate in the ADAM service's personal store:
- On the Start menu, in Run, type mmc. This opens the Microsoft Management Console.
- Click .
- Click Add and select Certificates.
- Select Service account.
- Select Local computer.
- Select your ADAM instance service.
- Add a new "Certificate" snap-in, but this time select "My user account" instead of "Service account".
- Click Close and OK.
- Open the "Personal"-folder under the "Certificates - Current user"-tree.
- Select the certificate and copy it into the same location under "Certificates - adam instance name".
- Give the ADAM service account read permissions to the key using winhttpcertcfg (best practice) or by browsing to C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys. If these permissions are not set correctly you will get an error in the event log: Schannel ID 36870 - "A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x6."
- Restart your ADAM instance.
Verifying that SSL is working
To verify that SSL is working with ADAM:
- Run the ADAM Tools Command Prompt from your ADAM program group.
- Type "ldp" and press Enter.
- Click .
- Type the DNS name of your server in the Server box. localhost will not work, because the DNS name is checked against the certificate.
- Enter the SSL port of your ADAM installation (636 or 50001 or whatever you chose during the installation of ADAM).
- Select the SSL check box and click OK.
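The same verification from .NET code, as an added example that is not part of the original article: it uses System.DirectoryServices.Protocols to open an LDAPS session and accepts the server certificate only if its DNS name matches the host requested and its chain builds to a trusted root. The host name "adamserver.example.com" and port 636 are placeholders for your own installation.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Security.Cryptography.X509Certificates;
// Added example, not from the original article. Opens an LDAPS session to an ADAM
// instance and accepts the server certificate only if its DNS name matches the host
// we asked for and its chain builds to a trusted root, which is what ldp relies on
// as well. Host name and port are placeholders for your own installation.
class AdamSslCheck
{
    // Returns true when the SSL handshake and bind succeed; the reason for a failure is returned in 'message'.
    static bool TrySslBind(string host, int sslPort, out string message)
    {
        // The host must be the full DNS name in the certificate; "localhost" fails the name check.
        var id = new LdapDirectoryIdentifier(host, sslPort, true /* fully qualified DNS name */, false /* not connectionless */);
        using (var conn = new LdapConnection(id))
        {
            conn.SessionOptions.ProtocolVersion = 3;
            conn.SessionOptions.SecureSocketLayer = true;   // LDAPS: SSL from the first byte, not StartTLS
            conn.AuthType = AuthType.Anonymous;             // the handshake is what is being tested here
            conn.SessionOptions.VerifyServerCertificate = delegate(LdapConnection c, X509Certificate certificate)
            {
                var cert = new X509Certificate2(certificate);
                string dnsName = cert.GetNameInfo(X509NameType.DnsName, false);
                bool nameOk = string.Equals(dnsName, host, StringComparison.OrdinalIgnoreCase);
                bool chainOk = new X509Chain().Build(cert);   // trusted issuer, validity period, revocation
                Console.WriteLine("Server presented '{0}' (name match: {1}, chain valid: {2})", cert.Subject, nameOk, chainOk);
                return nameOk && chainOk;
            };
            try
            {
                conn.Bind();
                message = "SSL bind to " + host + ":" + sslPort + " succeeded";
                return true;
            }
            catch (LdapException e)
            {
                // A rejected certificate, or a server that cannot load its private key (the Schannel 36870 case), ends up here.
                message = "SSL bind failed: " + e.Message;
                return false;
            }
        }
    }
    static void Main()
    {
        string message;
        TrySslBind("adamserver.example.com", 636, out message);  // placeholders for your server and SSL port
        Console.WriteLine(message);
    }
}
```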