Error Enabling LDAP over SSL
I just upgraded our domain to Windows 2008 R2. We have a need to enable LDAP over SSL in our environment, so I created and submitted a certificate request to a 3rd party CA using the instructions provided in this Microsoft KB article: http://support.microsoft.com/kb/321051

When it came to importing the signed certificate from the CA, the above KB article references a new procedure/method for 2008 and newer in which it states to "add the certificate to the NTDS service's Personal certificate store". It then references this article for instructions on how to do this: http://technet.microsoft.com/en-us/library/dd941846(WS.10).aspx

I followed the instructions in the above article, but when I tried to confirm LDAP over SSL was configured properly by using the LDP.exe utility, I get an error:

    ld = ldap_sslinit("dc1.valleycare.us", 636, 1);
    Error 0 = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION, 3);
    Error 81 = ldap_connect(hLdap, NULL);
    Server error: <empty>
    Error <0x51>: Fail to connect to dc1.valleycare.us.

Additionally, there are events being logged in the System event log:

    Log Name: System
    Source: Schannel
    Date: 6/8/2011 4:47:03 PM
    Event ID: 36888
    Task Category: None
    Level: Error
    Keywords:
    User:
    Computer: DC1
    Description: The following fatal alert was generated: 48. The internal error state is 552.

    Log Name: System
    Source: Schannel
    Date: 6/8/2011 4:47:03 PM
    Event ID: 36882
    Task Category: None
    Level: Error
    Keywords:
    User:
    Computer: DC1.valleycare.us
    Description: The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The SSL connection request has failed. The attached data contains the server certificate.

When I contacted the 3rd party CA (Thawte) for support, they weren't aware of Microsoft's recommendation to use the NTDS service's Personal certificate store for 2008 and above. They suggested using the method used for older OSes and putting it in the local machine's Personal store. They also mentioned that I need to add their certificates to the Intermediate Certificate Store, but there was no mention of that in Microsoft's KB article.

Can anyone help me out with this issue? Thank you.
June 9th, 2011 6:46am
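The Schannel events in the post (fatal alert 48 and event 36882, "issued by an untrusted certificate authority") point at the chain the DC presents on port 636 rather than at the LDAP service itself. The following PowerShell diagnostic is an added example, not code from the original post or from the Microsoft articles it cites: it completes a TLS handshake to the LDAPS port, prints the certificate the DC actually serves, checks for the Server Authentication EKU that KB 321051 requires, and builds the chain the way a client would so the exact failing status (PartialChain, UntrustedRoot, and so on) is visible. It assumes Windows PowerShell 3.0 or later and uses the DC name and port from the question as defaults.

```powershell
# Added example, not from the original post or the Microsoft articles it cites.
# Assumes Windows PowerShell 3.0+ and the DC name/port used in the question.
param(
    [string]$Server = 'dc1.valleycare.us',
    [int]$Port = 636
)

$tcp = New-Object System.Net.Sockets.TcpClient($Server, $Port)
try {
    # Accept whatever the DC presents so the handshake completes and we can
    # inspect the certificate instead of only seeing Schannel's alert 48.
    $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
    $ssl.AuthenticateAsClient($Server)

    $leaf = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $ssl.RemoteCertificate
    "Protocol : {0}"       -f $ssl.SslProtocol
    "Subject  : {0}"       -f $leaf.Subject
    "Issuer   : {0}"       -f $leaf.Issuer
    "Valid    : {0} - {1}" -f $leaf.NotBefore, $leaf.NotAfter

    # KB 321051 requires the Server Authentication EKU (1.3.6.1.5.5.7.3.1).
    $eku = $leaf.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
    $hasServerAuth = $eku -and ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.1' })
    "ServerAuth EKU present : {0}" -f [bool]$hasServerAuth

    # Build the chain as a client would; the statuses reported below are what
    # produce event 36882 ("issued by an untrusted certificate authority").
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'  # isolate trust problems from CRL reachability
    $ok = $chain.Build($leaf)
    "Chain builds : {0}" -f $ok
    foreach ($el in $chain.ChainElements) { "  -> {0}" -f $el.Certificate.Subject }
    foreach ($st in $chain.ChainStatus) {
        # PartialChain: the CA's issuing (intermediate) certificate is not available,
        # i.e. missing from the Intermediate Certification Authorities store.
        # UntrustedRoot: the root is not in Trusted Root Certification Authorities.
        "  ! {0}: {1}" -f $st.Status, $st.StatusInformation.Trim()
    }
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}
```

Run it from a domain member (or the DC itself) after each certificate-store change; a chain that builds cleanly with the Server Authentication EKU present is the state LDP.exe needs before an ldap_sslinit to port 636 will succeed.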

Anyone just want to confirm how they imported 3rd party SSL certs in order to enable LDAP over SSL on 2008 R2?
June 10th, 2011 8:03am

