AD LDS through SSL on Windows Server 2012 R2


Problem description

I am trying to configure my AD LDS instance to run through SSL so that I can connect to it from another computer using my application and perform password change operations.

I installed the Certificate Authorities to create a Server certificate which I can use on my AD LDS instance. I added the certificate to the Personal Store of the AD LDS instance and gave read permission on the certificate for everyone (I couldn't find how to add only my AD LDS service name to it).

When I try to connect to this instance in ADSI Edit using the Configuration naming context and the SSL port 636, plus the "Use SSL-based Encryption" option, I get the error that the server is not operational.

What am I missing? How can I check what went wrong?

Recommended answer

First, ensure the private key associated with the SSL certificate isn't missing. Second, when you install an SSL certificate into an AD LDS instance, you must select the service account before adding the certificate into the Personal store; otherwise, if you added the certificate to the Personal store of the actively logged-in user, then AD LDS won't be able to use it. Based on your problem statement, it sounds like one of these two problems, or both, has occurred. Here is an article to troubleshoot a missing private key: "What are the steps to recover the private key of an SSL certificate". Only after running through that article first and verifying that the private key is in place (very important), run through this article next, which outlines the correct procedure to add a certificate to AD LDS: "Configuring LDAP over SSL Requirements for AD LDS".
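
A client-side check for the question's "how can I check what went wrong", added here as an example and not part of the original answer: it reports whether a connection to port 636 fails at TCP, at the TLS handshake, or at certificate verification. The function name `probe_ldaps` and the stage labels are made up for this example; reading `tls_failed` as "the instance has no usable certificate or private key", the two causes named in the answer, is an assumption to confirm on the server.

```python
import hashlib
import socket
import ssl
import sys


def probe_ldaps(host, port=636, timeout=5.0, cafile=None):
    """Return (stage, detail) for the first step at which an LDAPS connection fails."""
    # Stage 1: is anything listening on the LDAPS port at all?
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp_failed", str(exc))

    # Stage 2: handshake with verification off, only to see whether the
    # server can present a certificate (it needs the private key for this).
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
    except OSError as exc:  # ssl.SSLError and connection resets are OSError
        raw.close()
        return ("tls_failed", str(exc))
    fingerprint = hashlib.sha256(der).hexdigest()

    # Stage 3: full verification, as a real client would do it.
    vctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw2:
            with vctx.wrap_socket(raw2, server_hostname=host) as tls:
                return ("ok", f"{tls.version()} sha256={fingerprint}")
    except ssl.SSLCertVerificationError as exc:
        return ("cert_untrusted", f"{exc.verify_message} sha256={fingerprint}")
    except OSError as exc:
        return ("tls_failed", str(exc))


if __name__ == "__main__":
    # Usage: probe.py <host> [ca.pem]; the host defaults to localhost.
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    ca = sys.argv[2] if len(sys.argv) > 2 else None
    print(probe_ldaps(target, cafile=ca))
```

The SHA-256 value in the result can be compared with the thumbprint of the certificate that was installed, to confirm the instance is serving the intended one.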
