Assigning the Certificate to ADAM

To support secure binds and encrypt the username and password information in transit, an SSL certificate must be installed on the server and on any LDAP client.

Before you begin

Role required: admin

About this task

Because the ADAM service has limited and controlled uses, a self-signed certificate is sufficient: it meets the need without incurring certificate costs or building a Certificate Authority (CA) infrastructure.

To assign the certificate to ADAM:

Procedure

  1. Open the Certificates MMC console. Create two console connections, one for Local Computer certificates and the other for Local Computer Service certificates on the new ADAM service. The new certificate can be found under Certificates (Local Computer)\Personal\Certificates.
  2. Copy the certificate to the container for the ADAM service, Certificates – Service (ADAM Service Name)\ADAM_ADAM Service Name\Trusted Root Certificates\Certificates. Also copy the certificate to Certificates – Service (ADAM Service Name)\ADAM_ADAM Service Name\Personal\Certificates.
  3. Open the Details tab of the certificate you copied and note the Valid from time stamp. Now assign read access to the certificate's private key file: go to C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys and identify the key file with the matching time stamp. Assign Read & Execute rights to the service account running ADAM (by default, Network Service).
  4. Restart the ADAM service to activate the new certificate.
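The following PowerShell script is an added example, not part of the original procedure, that automates steps 3 and 4: it resolves the key file from the certificate's thumbprint instead of matching the Valid from time stamp by hand, grants only Read & Execute to the service account, verifies the grant, and restarts the instance. It assumes steps 1 and 2 are done, that the private key is a CSP-based RSA key under MachineKeys (not a CNG key), and uses the placeholder service name `ADAM_<instance name>` and account `NT AUTHORITY\NETWORK SERVICE`.

```powershell
# Added example (not from the original page): automates steps 3 and 4.
# Assumptions: certificate already copied into the service stores (steps 1-2),
# private key is a CSP RSA key stored under MachineKeys, instance runs as
# NETWORK SERVICE. Run from an elevated PowerShell prompt.
param(
    [Parameter(Mandatory)] [string] $Thumbprint,               # thumbprint of the certificate from step 2
    [string] $ServiceName    = 'ADAM_<instance name>',         # placeholder: the instance's Windows service name
    [string] $ServiceAccount = 'NT AUTHORITY\NETWORK SERVICE'  # account the ADAM instance runs as
)

$ErrorActionPreference = 'Stop'
$Thumbprint = ($Thumbprint -replace '\s', '').ToUpper()        # tolerate pasted "AB CD EF" form

# Locate the certificate in the Local Computer Personal store (step 1).
$cert = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert)              { throw "No certificate with thumbprint $Thumbprint in Cert:\LocalMachine\My" }
if (-not $cert.HasPrivateKey) { throw "Certificate $Thumbprint has no private key; it cannot serve SSL" }

# Resolve the key container file name rather than guessing from the 'Valid from' time stamp.
$keyName = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
if (-not $keyName) { throw "Key is not a CSP key under MachineKeys; this script does not handle CNG keys" }

# CommonApplicationData is 'Documents and Settings\All Users\Application Data' on
# Server 2003 and 'C:\ProgramData' on later versions, matching the path in step 3.
$keyDir  = Join-Path ([Environment]::GetFolderPath('CommonApplicationData')) 'Microsoft\Crypto\RSA\MachineKeys'
$keyPath = Join-Path $keyDir $keyName
if (-not (Test-Path -Path $keyPath)) { throw "Key file not found: $keyPath" }

# Grant Read & Execute only (no Full Control) to the service account (step 3).
$acl  = Get-Acl -Path $keyPath
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($ServiceAccount, 'ReadAndExecute', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $keyPath -AclObject $acl

# Verify the grant now so a failure shows up here rather than as a silent LDAPS bind failure later.
$granted = (Get-Acl -Path $keyPath).Access | Where-Object {
    $_.IdentityReference.Value -eq $ServiceAccount -and $_.FileSystemRights -match 'ReadAndExecute'
}
if (-not $granted) { throw "Read & Execute grant to $ServiceAccount did not take effect on $keyPath" }

# Restart the instance so it picks up the certificate (step 4).
Restart-Service -Name $ServiceName
Write-Host "Key file $keyPath is readable by $ServiceAccount; $ServiceName restarted."
```

If the instance runs under a dedicated service account instead of Network Service, pass that account in `-ServiceAccount`.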