Thursday, January 17, 2008
SelfSSL Connection Errors
The IIS Resource Kit's SelfSSL tool is a quick and sneaky way to get both IIS and ADAM running SSL for quick OAM sandbox environments. I've encountered ADAM connection errors if a self-signed SSL certificate had previously been generated on the same VM/server. Here's how you get a newly self-signed SSL certificate to work on the same machine:
- Move all the old certs out of this directory into an archive directory: C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys
- When you run the selfssl.exe command to install the self-signed SSL certificate into IIS, you must include the fully qualified machine name in the /N:cn parameter. For example: selfssl.exe /T /V:3650 /N:cn=oam.company.com
Verify that the new cert has been generated and that the user account ADAM runs as has read permission on the cert; that should solve the problem.
Test your connection using LDP.exe, again using the fully qualified host name.
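The checks above can be scripted. The PowerShell below is an added example (not from the original post or from the SelfSSL tool) that verifies the three things the steps call for: a cert whose subject CN is the fully qualified name exists in the machine store, the account ADAM runs as has read access to that cert's private key file under MachineKeys, and an SSL handshake against the ADAM port presents that same cert. The host name oam.company.com, the service account NT AUTHORITY\NETWORK SERVICE and port 636 are assumptions; change them to match your sandbox.

```powershell
# Added example, not from the original post. Verifies the three things the
# post says to check after re-running selfssl: the cert's CN is the FQDN,
# the account ADAM runs as can read the private key file under MachineKeys,
# and an LDAPS handshake on the ADAM port presents that same cert.
# Hostname, account and port below are assumptions; change them to match.
param(
    [string]$Fqdn        = 'oam.company.com',              # value used in /N:cn=
    [string]$AdamAccount = 'NT AUTHORITY\NETWORK SERVICE',  # identity ADAM runs as
    [int]   $LdapsPort   = 636                              # ADAM SSL port
)

# MachineKeys holds the RSA key container files. It lives under the common
# application data folder on both Server 2003 (Documents and Settings\All
# Users\Application Data) and later Windows versions (ProgramData).
$machineKeys = Join-Path ([Environment]::GetFolderPath('CommonApplicationData')) `
                         'Microsoft\Crypto\RSA\MachineKeys'

# 1. Find the cert(s) in the machine store whose subject CN is the FQDN.
$pattern = "CN=$([regex]::Escape($Fqdn))(,|$)"
$certs = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -match $pattern })
if ($certs.Count -eq 0) { Write-Warning "No certificate with CN=$Fqdn in LocalMachine\My"; return }

$readMask = [int][System.Security.AccessControl.FileSystemRights]::Read

foreach ($cert in $certs) {
    Write-Host "Cert $($cert.Thumbprint) valid until $($cert.NotAfter)"
    if (-not $cert.HasPrivateKey) { Write-Warning "  No private key bound to this cert"; continue }

    # 2. Resolve the CSP key container file and check the ADAM account can read it.
    $container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
    $keyFile   = Join-Path $machineKeys $container
    if (-not (Test-Path $keyFile)) { Write-Warning "  Key file $keyFile not found"; continue }

    $readAces = @((Get-Acl $keyFile).Access | Where-Object {
        $_.IdentityReference.Value -eq $AdamAccount -and
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.FileSystemRights -band $readMask) -ne 0)
    })
    if ($readAces.Count -gt 0) { Write-Host "  $AdamAccount has Read on $keyFile" }
    else { Write-Warning "  $AdamAccount has no Read ACE on $keyFile (grant it, then restart ADAM)" }
}

# 3. Open an SSL connection to the ADAM port and compare the presented cert.
#    The callback returns $true only so a self-signed cert does not abort the
#    handshake; the real check is the thumbprint comparison that follows.
$tcp = New-Object System.Net.Sockets.TcpClient($Fqdn, $LdapsPort)
$acceptForInspection = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
$ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptForInspection)
try {
    $ssl.AuthenticateAsClient($Fqdn)
    $presented = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    $known = @($certs | ForEach-Object { $_.Thumbprint })
    if ($known -contains $presented.Thumbprint) {
        Write-Host "LDAPS on ${Fqdn}:$LdapsPort presents the new cert ($($presented.Thumbprint))"
    } else {
        Write-Warning "LDAPS presents a different cert: $($presented.Subject) $($presented.Thumbprint)"
    }
} finally {
    $ssl.Dispose(); $tcp.Close()
}
```

Run it from an elevated prompt on the server itself, since reading the ACL on a MachineKeys file requires administrator rights. If step 2 reports no Read ACE, that is the permission the post says to grant to the ADAM run-as account; if step 3 reports a different thumbprint, ADAM is still bound to one of the old certs and the service needs a restart after the old key files have been archived.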
This is an excellent link with step-by-step instructions (including the download location for the IIS 6.0 Resource Kit from Microsoft): http://geekswithblogs.net/jimiz/archive/2007/02/11/106006.aspx
Labels: SelfSSL for IIS