How to Use the Address Book to Test SSL Connectivity (319970)

MORE INFORMATION

Configuring the Address Book

You can verify that your server authentication certificate is working properly by testing if you can establish a 128-bit SSL connection between your server and a Windows 2000-based domain controller. Note that this only works if a certificate has also been issued to the domain controller from the same certificate authority (CA) that issued the certificate for your server. To verify that your server authentication certificate is working properly:

1. After you install the required certificates, on the server, click Start, point to Search, and then click For People.
2. In the Look in box, click Active Directory.
3. Right-click Active Directory, and then click Properties.
4. In the Active Directory Properties dialog box, type the fully qualified domain name of the domain controller to which you want to connect in the Search Name box, for example, domain controller name.domain name.com.
5. If you are logged on with a domain account that has permissions to search the Active Directory, you can skip this step. Otherwise, provide administrator-level credentials for this domain controller in the Account and Password boxes. For example:

   Account: domain name\user name
   Password: password

   NOTE: domain name is the name of your domain where the account exists, and user name is the account that you are using to log on. The password must be the password for the account that you are using.
6. After you have specified the domain controller and the appropriate credentials, click the Advanced tab, and then specify SSL connectivity for LDAP (the port must be set to 636).
7. Select a search base that is appropriate to your Active Directory structure, for example CN=Users,DC=domain,DC=com.
8. Click OK to close the Active Directory Properties dialog box.

Searching for People Against Active Directory

1. In the Find People dialog box, click Active Directory in the Look in box.
2. Click the Advanced tab.
3. In the define criteria section, select the following criteria for the search:

   NAME Contains Administrator

4. Click Add, and then click Find Now.

If your server can establish a 128-bit SSL connection to the domain controller, you see the results of your search in the Results pane of the Find People dialog box. If you cannot establish a 128-bit SSL connection to the domain controller, you may receive the following error message, or one that is similar to this error message: This message may have several causes, so other possible causes should be ruled out. Verify that all server name and credential information is correct. To help rule out other error causes, configure the port setting on the Advanced tab under Active Directory properties (that was previously described) to be the default LDAP port (389), and then repeat the test. If the test still does not work, you may have a name resolution problem, or other connectivity problem.

If you still cannot establish a 128-bit connection to the domain controller after you verify that the test works when you are using port 389, again verify that all required certificates are properly installed in the correct locations on the appropriate servers. Also, verify that all computers are running 128-bit encryption. Note that the 128-bit setting is included in computers that are running Windows 2000 Service Pack 2.