CSP required for LDAP over SSL certificate?
Hello, I'm using OpenSSL to generate certificates. According to the "Requirements" section (http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/b7721108-3ff5-46f9-8521-457ce623583d?prof=required) of creating this type of certificate (used for LDAP over SSL), you need to fulfill all those items on that list. I've completed them all (but one), LDAP over SSL (port 636) connects & binds just fine, but is the last option really required: "You must use the Schannel cryptographic service provider (CSP) to generate the key."? I don't understand how to complete that in any way using OpenSSL. Any ideas? Or just ignore it and perhaps all will work fine... maybe not...?
September 3rd, 2010 3:35am

On Fri, 3 Sep 2010 00:35:11 +0000, TechAndy wrote:
> According to the "Requirements" section (http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/b7721108-3ff5-46f9-8521-457ce623583d?prof=required) of creating this type of certificate (used for LDAP over SSL), you need to fulfill all those items on that list.
It would appear that you've posted the wrong URL here.
Paul Adare MVP - Identity Lifecycle Manager http://www.identit.ca
September 3rd, 2010 9:23am

Oops. Here is the correct URL: http://support.microsoft.com/kb/321051/en-US
September 3rd, 2010 7:56pm

Hi, You can refer to the example .inf in the KB article. The ProviderName in the .inf file is "Microsoft RSA SChannel Cryptographic Provider", so it meets the requirement. Thanks. This posting is provided "AS IS" with no warranties, and confers no rights.
September 9th, 2010 9:04am

I have found the answer. OpenSSL 1.0.0a has a built-in option for specifying a CSP. Here is the arg that works perfectly in meeting this requirement: -CSP "Microsoft RSA SChannel". And the cert imports perfectly with the above arg (you won't be able to notice, but it does not provide an error). Thanks!
September 14th, 2010 8:44pm
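
The export step from the last reply, as an added example that is not part of the original thread: it writes the CSP name into a PKCS#12 file with `openssl pkcs12 -export -CSP` and reads the attribute back so the result can be checked before import. It uses the full ProviderName string quoted from the KB .inf in the earlier reply; the host name, file names, password and the use of `-keyex` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: tag an OpenSSL-generated key with the Schannel CSP name
# inside a PKCS#12 (.pfx) file, then read the attribute back.
# Host name, file names and password are constructed sample values.

CSP_NAME="Microsoft RSA SChannel Cryptographic Provider"
PFX_PASS="constructed-sample-password"   # read via env: so it is not in argv
export PFX_PASS

# make_ldaps_pfx DIR FQDN
# Creates a throwaway self-signed certificate and key, then exports both to
# DIR/ldaps.pfx. Runs in a subshell so umask and variables stay local.
make_ldaps_pfx() (
    dir=$1; fqdn=$2
    umask 077                            # key material readable by owner only
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$fqdn" \
        -keyout "$dir/ldaps.key" -out "$dir/ldaps.crt" 2>/dev/null || exit 1
    # -CSP stores the "Microsoft CSP Name" attribute with the private key.
    # -keyex marks it as a key-exchange key (assumption, not from the thread).
    openssl pkcs12 -export -inkey "$dir/ldaps.key" -in "$dir/ldaps.crt" \
        -name "$fqdn" -CSP "$CSP_NAME" -keyex \
        -passout env:PFX_PASS -out "$dir/ldaps.pfx" || exit 1
)

# pfx_csp_name FILE
# Prints the CSP name stored with the private key; prints nothing if the
# attribute is absent. Key bag attributes are only listed when keys are
# output, so the decrypted key is piped straight into sed and discarded.
pfx_csp_name() {
    openssl pkcs12 -in "$1" -nocerts -nodes -passin env:PFX_PASS 2>/dev/null |
        sed -n 's/^ *Microsoft CSP Name: *//p'
}

# Usage:
#   d=$(mktemp -d); make_ldaps_pfx "$d" dc01.example.test
#   pfx_csp_name "$d/ldaps.pfx"
```

An empty result from `pfx_csp_name` means the file was exported without `-CSP`.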

This topic is archived. No further replies will be accepted.
