Step 2: Verify the Client Authentication certificate Open the Output.txt file, and then search for errors. To follow this step, you must have the Certutil command-line tool installed. On the client computer, open a Command Prompt window.Īt the command prompt, type the following command to send the command output to a file that is named Output.txt: certutil -v -urlfetch -verify serverssl.cer > output.txt On the domain controller, use the Certificates snap-in to export the SSL certificate to a file that is named Serverssl.cer.Ĭopy the Serverssl.cer file to the client computer. To determine whether the certificate is valid, follow these steps: The certificate chain is valid on the client computer. To verify that the key is available, use the certutil -verifykeys command. The associated private key is available on the domain controller. The enhanced key usage extension includes the Server Authentication object identifier (1.3.6.1.5.5.7.3.1).
![critical ops connection problem critical ops connection problem](https://i.ytimg.com/vi/uGByqZphGgU/maxresdefault.jpg)
![critical ops connection problem critical ops connection problem](https://media.springernature.com/original/springer-static/image/art:10.1007%2Fs11740-010-0242-5/MediaObjects/11740_2010_242_Fig3_HTML.gif)
The common name (CN) in the Subject field.The Active Directory fully qualified domain name of the domain controller appears in one of the following locations: Make sure that the Server Authentication certificate that you use meets the following requirements:
#Critical ops connection problem how to#
This article discusses steps about how to troubleshoot LDAP over SSL (LDAPS) connection problems.Īpplies to: Windows Server 2003 Original KB number: 938703 Step 1: Verify the Server Authentication certificate