After importing an SSL certificate on the C++ Connector Server (CCS) machine, an error of 'Confidentiality Required' is encountered when attempting to acquire an Active Directory Endpoint.
Test via other means such ldap browsers or LDP utility show that there is nothing wrong with the certificate.
Identity Manager 14.2
Identity Manager 14.3
Identity Manager 14.4
The certificate needs to be trusted by the account starting the CCS service.
There are two ways to ensure the certificate is properly trusted by the service account.
1. Normally, the account used to start the C++ Connector Server is Local System account. To manage ADS however, this account should be the same account that acquired the Root Certification Authority
i. From the Control Panel, Select Administrative Tools, Services.
ii. Double-click the C++ Connector Server entry.
iii. Verify that the account (a local administrator or a domain administrator) being used to run the service is the same account that was used to install the Root Certification Authority.
iv. Verify that the account password is correct.
v. If you have changed either the account or password, restart the C++ Connector Server service.
2. The other option is to load the certificate into the Computer Account instead and leave the service to be run by the Local system Account.
i. On the C++ Connector server machine, open up the MMC
ii. Go to File->Add/Remove Snap-ins
iii. Select the Certificates snap-in and click Add
You will now get the option of :
My user Account
iv. Select Computer account and then proceed to import the certificate in the trusted root store.
v. You need to restart the C++ Connector Service after this.