Problem with certificate in AD

Archived from groups: microsoft.public.win2000.active_directory (More info?)

I'm quite lost on this at the moment, I'd be appreciative if someone
knew how to get out of this one:

I set up certificate services on the DC in my development domain. In
trying to troubleshoot why one of my developers couldn't get his app to
pull the certificate, I ended up doing the following which screwed me:

-Revoked the cert from the server side
-Uninstalled certificate services (In optional components wizard)
-Reinstalled certificate services

Now, his app (using JVM) throws back an error that references the old
certificate when handshaking with active directory on port 636. I've
deleted every reference I can find to this, but apparently something in
AD is still referring to this old certificate. (We have created a new
one and imported it in his java console, but still the same problem
exists)

I GREATLY appreciate any insight on this.

Cheers,
-James
  1.

    <james.cavenaugh@gmail.com> wrote in message
    news:1103045775.877185.265320@c13g2000cwb.googlegroups.com...
    > I'm quite lost on this at the moment, I'd be appreciative if someone
    > knew how to get out of this one:
    >
    > I set up certificate services on the DC in my development domain. In
    > trying to troubleshoot why one of my developers couldn't get his app to
    > pull the certificate, I ended up doing the following which screwed me:
    >
    > -Revoked the cert from the server side
    > -Uninstalled certificate services (In optional components wizard)
    > -Reinstalled certificate services

    Boy, that sounds like overkill for what seems to
    have been an application problem.

    > Now, his app (using JVM) throws back an error that references the old
    > certificate when handshaking with active directory on port 636. I've
    > deleted every reference I can find to this, but apparently something in
    > AD is still referring to this old certificate. (We have created a new
    > one and imported it in his java console, but still the same problem
    > exists)
    >
    > I GREATLY appreciate any insight on this.

    You might go through his security store (MMC on the
    user machine) and remove all of the revoked certificates
    and ensure the machine has all of the NEW trust certs
    (from the new CS.)

    --
    Herb Martin


    >
    > Cheers,
    > -James
    >
  2.

    On your Domain controllers take a look at the certificate store as well as
    the trusted CAs. Delete the references to the old CA and the certificates
    it issued.

    Make sure that the new CA is working and AD integrated.

    Import the CA chain into the servers to be sure.

    Make sure that the client machine has the CA chain and a machine level
    certificate.
    ----------------------------------------------------------------------------
    If that doesn't work...
    1. Uninstall the CA, but keep the Chain and server Certificates on disk,
    just in case.
    2. Reboot the server
    3. Remove all references to the old CAs and its certificates
    4. Remove all references to the old CAs and its certificates on the
    workstation
    5. Boot the server
    6. Reinstall the AD Integrated Enterprise Root CA... the domain and servers
    will issue themselves new certificates

    --
    Ryan Hanisco
    MCSE, MCDBA
    Flagship Integration Services
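
The store check both replies describe, as an added example that is not part of the original thread: a read-only PowerShell audit that lists every certificate in the local machine stores that is the old CA's own certificate or was issued by it, then shows which certificates in the Personal store carry the Server Authentication EKU (the kind a domain controller presents for LDAPS on port 636). `$OldCaName` is a placeholder for the retired CA's common name, and the script assumes a Windows PowerShell version with the `Cert:` provider.

```powershell
# Added example: read-only audit, it deletes nothing.
# $OldCaName is a placeholder; set it to the common name of the retired CA.
param(
    [string]$OldCaName = 'OLD-CA-NAME-PLACEHOLDER'
)

# Local machine stores to inspect: Personal (My), Trusted Root (Root),
# Intermediate Certification Authorities (CA).
$stores  = 'My', 'Root', 'CA'

# Match "CN=<name>" as a whole RDN so a longer CA name does not match by prefix.
$pattern = 'CN=' + [regex]::Escape($OldCaName) + '(,|$)'

$findings = foreach ($store in $stores) {
    Get-ChildItem -Path "Cert:\LocalMachine\$store" | ForEach-Object {
        $issuedByOld = $_.Issuer  -match $pattern
        $isOldCaCert = $_.Subject -match $pattern
        if ($issuedByOld -or $isOldCaCert) {
            [pscustomobject]@{
                Store      = $store
                Role       = $(if ($isOldCaCert) { 'old CA certificate' } else { 'issued by old CA' })
                Subject    = $_.Subject
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.NotAfter
            }
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    Write-Output "No certificates referencing '$OldCaName' found in: $($stores -join ', ')"
}

# Certificates in the Personal store that explicitly list Server Authentication.
# If one of these still chains to the old CA, LDAPS clients will keep seeing it.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'
Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.EnhancedKeyUsageList.ObjectId -contains $serverAuthOid } |
    Select-Object Subject, Issuer, NotAfter, Thumbprint |
    Format-List
```

Run it on the domain controller and on the client machine; the JVM keeps its own trust store, so the Java side still has to be checked separately.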
