Confidentiality Required error after importing SSL certificate for AD endpoint in IM

Article ID: 40213


Products

CA Identity Manager, CA Identity Governance, CA Identity Portal, CA Identity Suite

Issue/Introduction

Issue:

After importing an SSL certificate on the C++ Connector Server (CCS) machine, an error of 'Confidentiality Required' is encountered when attempting to acquire an Active Directory Endpoint. 

Tests via other means, such as LDAP browsers or the LDP utility, show that there is nothing wrong with the certificate.

Environment

 

Identity Manager 14.2 
Identity Manager 14.3
Identity Manager 14.4


Cause

The certificate needs to be trusted by the account starting the CCS service. 

Resolution

There are two ways to ensure the certificate is properly trusted by the service account. 

 

1. Normally, the account used to start the C++ Connector Server is the Local System account. To manage ADS, however, this account should be the same account that acquired the Root Certification Authority.

 

i. From the Control Panel, Select Administrative Tools, Services. 

 

ii. Double-click the C++ Connector Server entry. 

 

iii. Verify that the account (a local administrator or a domain administrator) being used to run the service is the same account that was used to install the Root Certification Authority. 

 

iv. Verify that the account password is correct. 

 

v. If you have changed either the account or password, restart the C++ Connector Server service. 

 

2. The other option is to load the certificate into the Computer Account instead and leave the service running under the Local System account.

 

i. On the C++ Connector server machine, open up the MMC 

 

Start->Run-> mmc 

 

ii. Go to File->Add/Remove Snap-ins 

 

iii. Select the Certificates snap-in and click Add 

 

You will now get the following options:

My user account

Service account

Computer account


iv. Select Computer account and then proceed to import the certificate in the trusted root store. 

 

v. You need to restart the C++ Connector Service after this.
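
The check and import from option 2 can also be done from an elevated PowerShell prompt on the CCS machine. The script below is an added example, not part of the original article or vendor code; the certificate path and the service display-name pattern are placeholder assumptions to adjust for your installation.

```powershell
# Added example, not vendor code. Run elevated on the C++ Connector Server machine.
param(
    # Placeholder path to the exported root CA certificate (assumption).
    [string]$CaCertPath = 'C:\temp\root-ca.cer',
    # Pattern for the service's display name as shown in Services (assumption).
    [string]$ServiceDisplayName = '*C++ Connector Server*'
)

$ErrorActionPreference = 'Stop'

# Load the CA certificate to get the thumbprint the service must trust.
$ca = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CaCertPath
Write-Host "CA subject: $($ca.Subject)"
Write-Host "Thumbprint: $($ca.Thumbprint)"

# Find the service and the account it logs on as (StartName).
$svc = @(Get-CimInstance Win32_Service |
    Where-Object { $_.DisplayName -like $ServiceDisplayName })
if ($svc.Count -ne 1) {
    throw "Expected exactly one service matching '$ServiceDisplayName', found $($svc.Count)."
}
$svc = $svc[0]
Write-Host "Service '$($svc.DisplayName)' runs as: $($svc.StartName)"

# The Computer account's trusted root store is Cert:\LocalMachine\Root.
# A CA placed here is trusted by every account on this machine,
# including Local System.
$storePath = 'Cert:\LocalMachine\Root'
if (Test-Path (Join-Path $storePath $ca.Thumbprint)) {
    Write-Host 'CA certificate is already in the Computer account trusted root store.'
}
else {
    Write-Host 'CA certificate not found in the Computer account store; importing.'
    Import-Certificate -FilePath $CaCertPath -CertStoreLocation $storePath | Out-Null

    # The service must be restarted to pick up the new trust (step v).
    Restart-Service -Name $svc.Name
    Write-Host "Restarted service '$($svc.Name)'."
}
```

If the service runs as a named account rather than LocalSystem, the output shows which account must match the one that installed the Root Certification Authority in option 1.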