Confidentiality Required error after importing SSL certificate for AD endpoint in IM
search cancel

Confidentiality Required error after importing SSL certificate for AD endpoint in IM


Article ID: 40213


Updated On:


CA Identity Manager CA Identity Governance CA Identity Portal CA Identity Suite



After importing an SSL certificate on the C++ Connector Server (CCS) machine, an error of 'Confidentiality Required' is encountered when attempting to acquire an Active Directory Endpoint. 

Test via other means such ldap browsers or LDP utility show that there is nothing wrong with the certificate. 






Identity Manager 14.2 
Identity Manager 14.3
Identity Manager 14.4


The certificate needs to be trusted by the account starting the CCS service. 


There are two ways to ensure the certificate is properly trusted by the service account. 


1. Normally, the account used to start the C++ Connector Server is Local System account. To manage ADS however, this account should be the same account that acquired the Root Certification Authority


i. From the Control Panel, Select Administrative Tools, Services. 


ii. Double-click the C++ Connector Server entry. 


iii. Verify that the account (a local administrator or a domain administrator) being used to run the service is the same account that was used to install the Root Certification Authority. 


iv. Verify that the account password is correct. 


v. If you have changed either the account or password, restart the C++ Connector Server service. 


2. The other option is to load the certificate into the Computer Account instead and leave the service to be run by the Local system Account. 


i. On the C++ Connector server machine, open up the MMC 


Start->Run-> mmc 


ii. Go to File->Add/Remove Snap-ins 


iii. Select the Certificates snap-in and click Add 


You will now get the option of : 


My user Account 


Service Account 


Computer Account  



iv. Select Computer account and then proceed to import the certificate in the trusted root store. 


v. You need to restart the C++ Connector Service after this.