Confidentiality Required error after importing SSL certificate for AD endpoint in IM


Article ID: 40213


Products

CA Identity Manager, CA Identity Governance, CA Identity Portal, CA Risk Analytics, CA Secure Cloud SaaS - Arcot A-OK (WebFort), CA Secure Cloud SaaS - Advanced Authentication, CA Secure Cloud SaaS - Identity Management, CA Secure Cloud SaaS - Single Sign On

Issue/Introduction

Issue:

After importing an SSL certificate on the C++ Connector Server (CCS) machine, a 'Confidentiality Required' error is encountered when attempting to acquire an Active Directory Endpoint.

Tests via other means, such as LDAP browsers or the LDP utility, show that there is nothing wrong with the certificate.

Cause:

The certificate needs to be trusted by the account starting the CCS service. 

 

Environment

Release: CAIDMB99000-12.6.7-Identity Manager-B to B
Component:

Resolution

Resolution:


There are two ways to ensure the certificate is properly trusted by the service account. 


1. Normally, the account used to start the C++ Connector Server is the Local System account. To manage ADS, however, this account should be the same account that acquired the Root Certification Authority.


i. From the Control Panel, Select Administrative Tools, Services. 


ii. Double-click the C++ Connector Server entry. 


iii. Verify that the account (a local administrator or a domain administrator) being used to run the service is the same account that was used to install the Root Certification Authority. 


iv. Verify that the account password is correct. 


v. If you have changed either the account or password, restart the C++ Connector Server service. 



 
 

2. The other option is to load the certificate into the Computer Account store instead and leave the service running under the Local System account.


i. On the C++ Connector server machine, open up the MMC 


Start->Run-> mmc 


ii. Go to File->Add/Remove Snap-ins 


iii. Select the Certificates snap-in and click Add 


You will now get the following options:

- My user account
- Service account
- Computer account


iv. Select Computer account and then proceed to import the certificate in the trusted root store. 


v. You need to restart the C++ Connector Service after this. 
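
The same checks and the option 2 import can be done from an elevated PowerShell prompt on the CCS machine. This is an added example, not part of the original article or the vendor's tooling. It assumes the service display name contains "C++ Connector Server" as shown in the Services console, and the certificate file path is a placeholder.

```powershell
# Added example. Assumptions: $CertPath is a placeholder for the exported root CA
# file; the service is matched by the display name seen in the Services console.
param(
    [string]$CertPath = 'C:\temp\ad-root-ca.cer',            # placeholder path
    [string]$ServiceDisplayName = '*C++ Connector Server*'   # assumed display name
)
$ErrorActionPreference = 'Stop'

# Which account starts the connector service? LocalSystem relies on the
# computer (LocalMachine) store; a named account can also use its own user store.
$svc = @(Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.DisplayName -like $ServiceDisplayName })
if ($svc.Count -ne 1) {
    throw "Expected one service matching '$ServiceDisplayName', found $($svc.Count)."
}
"Service '{0}' runs as: {1}" -f $svc[0].DisplayName, $svc[0].StartName

# Load the file without installing it, so it can be inspected first.
$file = (Resolve-Path -Path $CertPath).Path
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $file

# Heuristic sanity checks: a root CA is self-issued and must not be expired.
if ($cert.Subject -ne $cert.Issuer) {
    throw "Subject and Issuer differ: not a root CA, do not place it in the root store."
}
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Certificate expired on $($cert.NotAfter)."
}

# Is the root already trusted for the computer account?
$storePath = 'Cert:\LocalMachine\Root'
$present = Get-ChildItem -Path $storePath |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
if ($present) {
    "Already present in $storePath (thumbprint $($cert.Thumbprint))."
} else {
    Import-Certificate -FilePath $file -CertStoreLocation $storePath | Out-Null
    "Imported into $storePath (thumbprint $($cert.Thumbprint))."
}

# Step v: restart the connector so it picks up the new trust.
Restart-Service -Name $svc[0].Name
"Restarted service '$($svc[0].Name)'."
```

Compare the printed thumbprint with the one shown for the issuing CA on the domain controller before relying on the import.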
