Secure LDAP - SSL certificate problem

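First of all, Happy New Year to everyone.

I have some problems with LDAP on Windows Server 2008 AD.

Details

Server - Windows Server 2008 R2

Roles - Active Directory, CA, DNS, File, IIS

SSL certificate created for IIS - wildcard - *.inbay.co.uk, to be used with the Exchange server. Purchased from GoDaddy.

We are connecting to the server via the URL ldap.inbay.com on port 636.

Port forwarding and firewall are OK - double checked.

When I try to connect, it says it cannot verify the issuer of the certificate; it presents a self-signed certificate for the SSL LDAP connection.

I tested this with LDAP Admin.

I googled and found a few articles, but nothing helped.

This is the output I get when I run the Certutil -VerifyStore command: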

Windows PowerShell
Copyright (C) 2009 Microsoft Corporation. All rights reserved.

PS C:\Users\Administrator> Certutil -VerifyStore MY
MY
================ Certificate 0 ================
Serial Number: 4b90e844870a99
Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository
, O=GoDaddy.com, Inc., L=Scottsdale, S=Arizona, C=US
 NotBefore: 12/03/2013 13:29
 NotAfter: 25/03/2014 10:18
Subject: CN=*.inbay.co.uk, OU=Domain Control Validated
Non-root Certificate
Template:
Cert Hash(sha1): b2 d6 9e 83 3c 58 54 83 52 fb 1a 15 50 ca 8c e3 ff 73 15 08
  Key Container = {71FC82A4-088D-4E7E-90F7-02518A4737D7}
  Unique container name: 9897d36f7e68959f5c8e90d29eb57258_17f1a298-bcac-495b-8ef3-1cc37965ce9e
  Provider = Microsoft Enhanced Cryptographic Provider v1.0
Encryption test passed
Verified Issuance Policies:
    2.16.840.1.114413.1.7.23.1
Verified Application Policies:
    1.3.6.1.5.5.7.3.1 Server Authentication
    1.3.6.1.5.5.7.3.2 Client Authentication
Certificate is valid

================ Certificate 1 ================
Serial Number: 3c56d548390980b8420af7c1965d2fd1
Issuer: CN=localhost
 NotBefore: 06/08/2013 10:27
 NotAfter: 06/08/2023 00:00
Subject: CN=localhost
Signature matches Public Key
Root Certificate: Subject matches Issuer
Template:
Cert Hash(sha1): 53 80 b4 86 29 33 14 be 3b 6f 77 12 0e c1 3d 9e a3 71 ba 34
  Key Container = IIS Express Development Certificate Container
  Unique container name: fad662b360941f26a1193357aab3c12d_17f1a298-bcac-495b-8ef3-1cc37965ce9e
  Provider = Microsoft RSA SChannel Cryptographic Provider
Encryption test passed
-------- CERT_CHAIN_CONTEXT --------
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
ChainContext.dwErrorStatus = CERT_TRUST_IS_UNTRUSTED_ROOT (0x20)

SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
SimpleChain.dwErrorStatus = CERT_TRUST_IS_UNTRUSTED_ROOT (0x20)

CertContext[0][0]: dwInfoStatus=10c dwErrorStatus=20
  Issuer: CN=localhost
  NotBefore: 06/08/2013 10:27
  NotAfter: 06/08/2023 00:00
  Subject: CN=localhost
  Serial: 3c56d548390980b8420af7c1965d2fd1
  53 80 b4 86 29 33 14 be 3b 6f 77 12 0e c1 3d 9e a3 71 ba 34
  Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4)
  Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
  Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
  Element.dwErrorStatus = CERT_TRUST_IS_UNTRUSTED_ROOT (0x20)
  Application[0] = 1.3.6.1.5.5.7.3.1 Server Authentication

Exclude leaf cert:
  da 39 a3 ee 5e 6b 4b 0d 32 55 bf ef 95 60 18 90 af d8 07 09
Full chain:
  53 80 b4 86 29 33 14 be 3b 6f 77 12 0e c1 3d 9e a3 71 ba 34
  Issuer: CN=localhost
  NotBefore: 06/08/2013 10:27
  NotAfter: 06/08/2023 00:00
  Subject: CN=localhost
  Serial: 3c56d548390980b8420af7c1965d2fd1
  53 80 b4 86 29 33 14 be 3b 6f 77 12 0e c1 3d 9e a3 71 ba 34
A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. 0x800b01
09 (-2146762487)
------------------------------------
Verifies against UNTRUSTED root


================ Certificate 2 ================
Serial Number: 4ada0ad8a1800a8c4eca7496f0a354af
Issuer: CN=inbay-INBAY-DC01-CA, DC=inbay, DC=local
 NotBefore: 24/09/2013 14:51
 NotAfter: 24/09/2018 15:01
Subject: CN=inbay-INBAY-DC01-CA, DC=inbay, DC=local
CA Version: V0.0
Signature matches Public Key
Root Certificate: Subject matches Issuer
Template:
Cert Hash(sha1): 35 31 0a f7 22 ff 1e eb b9 e1 f7 46 07 b9 00 7e 26 72 11 26
  Key Container = inbay-INBAY-DC01-CA
  Unique container name: 3a799630eec48121d0d4d01abd8c671c_17f1a298-bcac-495b-8ef3-1cc37965ce9e
  Provider = Microsoft Software Key Storage Provider
Signature test passed
Verified Issuance Policies: All
Verified Application Policies: All
Certificate is valid

================ Certificate 3 ================
Serial Number: 1f744eb2000000000002
Issuer: CN=inbay-INBAY-DC01-CA, DC=inbay, DC=local
 NotBefore: 24/09/2013 17:26
 NotAfter: 24/09/2014 17:26
Subject: CN=Inbay-DC01.inbay.local
Certificate Template Name (Certificate Type): DomainController
Non-root Certificate
Template: DomainController, Domain Controller
Cert Hash(sha1): 04 d9 93 c9 8e 30 bb 10 bd 5c ad 15 86 fd 93 58 ff 1f 52 a4
  Key Container = 463be5b6728428cbeb4f0752659c5778_17f1a298-bcac-495b-8ef3-1cc37965ce9e
  Simple container name: le-DomainController-160a2aad-80f6-409a-b56c-37730ce782ec
  Provider = Microsoft RSA SChannel Cryptographic Provider
Private key is NOT exportable
Encryption test passed
Verified Issuance Policies: None
Verified Application Policies:
    1.3.6.1.5.5.7.3.2 Client Authentication
    1.3.6.1.5.5.7.3.1 Server Authentication
Certificate is valid
CertUtil: -verifystore command completed successfully.
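
I am worried about the error below; is this something I have to worry about?

A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. 0x800b0109 (-2146762487)

What I have done

I added the SSL certificate to the Trusted Root store.

Added the certificate to Default Domain Group Policy > Computer Configuration > Security > Public Key Policies.

Thanks in advance for any help.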
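The three checks a TLS client applies to whatever certificate an LDAPS server presents (Server Authentication purpose, chain to a trusted root, name matching the host it dialed), run over an abridged copy of the store listing above. This is an added example, not part of the original post; `review()` and `cn_matches()` are names made up here, and only the Subject CN is compared because the listing does not print subject alternative names.

```python
import re

# Abridged from the certutil -VerifyStore MY output in the post.
# review() and cn_matches() are hypothetical helpers; CN only, no SAN data.
SAMPLE = """\
================ Certificate 0 ================
Subject: CN=*.inbay.co.uk, OU=Domain Control Validated
Verified Application Policies:
    1.3.6.1.5.5.7.3.1 Server Authentication
Certificate is valid
================ Certificate 1 ================
Subject: CN=localhost
  Application[0] = 1.3.6.1.5.5.7.3.1 Server Authentication
Verifies against UNTRUSTED root
================ Certificate 2 ================
Subject: CN=inbay-INBAY-DC01-CA, DC=inbay, DC=local
Verified Application Policies: All
Certificate is valid
================ Certificate 3 ================
Subject: CN=Inbay-DC01.inbay.local
Verified Application Policies:
    1.3.6.1.5.5.7.3.1 Server Authentication
Certificate is valid
"""

SERVER_AUTH = "1.3.6.1.5.5.7.3.1"

def cn_matches(cn, host):
    """Case-insensitive match; a leading '*.' covers exactly one label."""
    cn, host = cn.lower(), host.lower()
    if cn.startswith("*."):
        return "." in host and host.split(".", 1)[1] == cn[2:]
    return cn == host

def review(text, host):
    """Return {index: (cn, server_auth, trusted, name_ok)} per store entry."""
    out = {}
    parts = re.split(r"=+ Certificate (\d+) =+\n", text)[1:]
    for idx, body in zip(parts[0::2], parts[1::2]):
        cn = re.search(r"^Subject: CN=([^,\n]+)", body, re.M).group(1)
        server_auth = SERVER_AUTH in body or "Application Policies: All" in body
        trusted = "Certificate is valid" in body and "UNTRUSTED" not in body
        out[int(idx)] = (cn, server_auth, trusted, cn_matches(cn, host))
    return out

if __name__ == "__main__":
    for i, row in review(SAMPLE, "ldap.inbay.com").items():
        print(i, row)
```

For the host name given in the post, `ldap.inbay.com`, the name check is false for all four entries, including the two that pass the purpose and trust checks.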