LDAP ?? ?? SSL ??????? ???????? ?? ?????? ???? ????

???? ?????? ???? ??????
???? ID: 938703 - ?? ???????? ?? ?????? ??? ?? ?? ???? ???? ???? ??.

?????

?? ???? ????? ???? ?? ?? LDAP ?? ?? SSL (LDAPS) ??????? ???????? ?? ?????? ???? ?????

???? ???????

LDAPS ??????? ???????? ?? ?????? ????, ????? ????? ?? ???? ?????

??? 1: ????? ??????? ?????????? ????? ????

????????? ???? ?? ?? ?? ????? ???? ???? ????? ??????? ?????????? ????? ?????????? ???? ???? ??:
  • ????? ???????? ?? ?????? ?????????? ????? ?? ???? ??? ??????????? ??? ????? ??????? ??? ?? ?? ??? ????? ???? ??:
    • ???? ?????? ??? ??????? ??? (CN)
    • DNS ????????? ??? ???? ???????? ??? (SAN) ?????????
  • ????????? ????? ????? ????????? ????? ??????? ???????? ?????????? (1.3.6.1.5.5.7.3.1) ????? ???
  • ????????? ???? ????? ????? ???????? ?? ?????? ??? ???????? ???? ?? ????? ?????? ??, ?? ??? ?????certutil -verifykeys?????
  • ?????????? ???????? ??????? ???????? ?? ????? ??? ????????? ???? ?? ???? ?????? ???? ????? ??, ????? ????? ?? ???? ????:
    1. ????? ???????? ?? ??? ????? ??? Serverssl.cer ???? ?? ??? SSL ?????????? ??????? ???? ?? ??? ?????????? ?????-?? ?? ??????
    2. ??????? ???????? ?? ??? Serverssl.cer ????? ?? ????????? ??????
    3. ??????? ???????? ?? ?? ????? ????????? ????? ??????
    4. ????? ????????? ?? Output.txt ??? ?? ?? ???? ????? ?? ??? ??????? ?? ?????? ?? ????? ?? ??? ????? ???? ???? ????:
      certutil -v -urlfetch -verify serverssl.cer > output.txt
      ???:?? ??? ?? ???? ????, ?? ??? ?? Certutil ????-?????? ????? ??????? ???? ?????? ??? ???? ??????? ?? ??? Certutil ??????? ???? ?? ??? ???? ???? ?? ???? ??? ?? Certutil ?? ????? ???? ???? ?? ???? ???, ????? Microsoft ??? ???? ?? ????:
      ????? ????????????? ?????????? ?? ?????
      HTTP://technet2.Microsoft.com/windowsserver/EN/Library/237d6abc-d0c0-454a-9b72-e3955664e3d31033.mspx?mfr=TRUE

    5. Output.txt ???? ?????, ?? ????????? ?? ??? ??? ?????

??? 2: ??????? ??????? ?????????? ????? ????

??? ?????? ???, LDAPS ????? ??????? ?????????? ?????? ???? ??? ??????? ???????? ?? ?????? ??? ??? ??? ??? ?????????? ?????? ??, ?? ????????? ???? ?? ?????????? ????? ?????????? ???? ???? ??:
  • ????????? ????? ????? ????????? ??????? ??????? ???????? ?????????? (1.3.6.1.5.5.7.3.2) ????? ???
  • ????????? ???? ????? ??????? ???????? ?? ?????? ??? ???????? ???? ?? ????? ?????? ??, ?? ??? ?????certutil -verifykeys?????
  • ?????????? ???????? ????? ???????? ?? ????? ??? ????????? ???? ?? ???? ?????? ???? ????? ??, ????? ????? ?? ???? ????:
    1. ??????? ???????? ?? ??? ????? ??? Clientssl.cer ???? ?? ??? SSL ?????????? ??????? ???? ?? ??? ?????????? ?????-?? ?? ??????
    2. ????? ?? ??? Clientssl.cer ????? ?? ????????? ??????
    3. ????? ?? ?? ????? ????????? ????? ??????
    4. ????? ????????? ?? Outputclient.txt ??? ?? ?? ???? ????? ?? ??? ??????? ?? ?????? ?? ????? ?? ??? ????? ???? ???? ????:
      certutil -v -urlfetch -verify clientssl.cer > outputclient.txt
    5. Outputclient.txt ???? ?????, ?? ????????? ?? ??? ??? ?????

??? 3: ?????? SSL ?????????? ?? ??? ??????

??? ????? ?? ???? ?? ?? ???? SSL ?????????? ??? 1 ??? ?????? ?????????? ?? ??? ???? ??? Schannel (Microsoft SSL ???????) ?? ????? ????? ?????????? Schannel ??????? ???????? ??? ?????? ??? ????? ?? ?? ??? ???? ??? If multiple valid certificates are available in the Local Computer store, Schannel may not select the correct certificate. A conflict with a certification authority (CA) certificate may occur if the CA is installed on a domain controller that you are trying to access through LDAPS.
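The multiple-certificate check described in Step 3, as an added example that is not part of the original article: it lists every certificate in the Local Computer Personal store that is currently valid, has a private key, and carries the Server Authentication EKU from Step 1, then warns when more than one qualifies. It assumes a PowerShell session on the domain controller and that `GetHostEntry('')` returns the controller's fully qualified name; the helper names `Get-EkuOids` and `Test-NameMatch` are hypothetical.

```powershell
# Added example, not from the KB article. Run in an elevated PowerShell session on the DC.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'                  # Server Authentication EKU OID from Step 1
$fqdn = [System.Net.Dns]::GetHostEntry('').HostName   # assumption: resolves to the DC's FQDN
$now  = Get-Date

function Get-EkuOids($cert) {
    # Collect the OIDs listed in the Enhanced Key Usage extension, if present.
    $cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value }
}

function Test-NameMatch($cert, $name) {
    # True when the name is the subject CN or appears in the SAN extension (OID 2.5.29.17).
    $cn  = $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sanText = if ($san) { $san.Format($false) } else { '' }
    ($cn -eq $name) -or ($sanText -match [regex]::Escape($name))
}

# Certificates Schannel could offer: private key present, inside validity period, Server Authentication EKU.
$candidates = @(Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {
    $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -ge $now -and
    ((Get-EkuOids $_) -contains $serverAuthOid)
})

$candidates | Select-Object Thumbprint, Subject, Issuer, NotAfter,
    @{ Name = 'MatchesFqdn'; Expression = { Test-NameMatch $_ $fqdn } } | Format-List

if ($candidates.Count -gt 1) {
    Write-Warning "$($candidates.Count) valid Server Authentication certificates found; Schannel may not select the intended one."
} elseif ($candidates.Count -eq 0) {
    Write-Warning 'No valid Server Authentication certificate with a private key was found.'
}
```

A CA certificate on a domain controller that also hosts the CA shows up in this list with `MatchesFqdn` false, which is the conflict case the step describes.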

Step 4: Verify the LDAPS connection on the server

Use the Ldp.exe tool on the domain controller to try to connect to the server by using port 636. If you cannot connect to the server by using port 636, see the errors that Ldp.exe generates. Also, view the Event Viewer logs to find errors. For more information about how to use Ldp.exe to connect to port 636, click the following article number to view the article in the Microsoft Knowledge Base:
321051?? ?????-???? ?????????? ?????????? ?? LDAP ?? SSL ????? ???? ?? ??? ???? ????

Step 5: Enable Schannel logging

Enable Schannel event logging on the server and on the client computer. For more information about how to enable Schannel event logging, click the following article number to view the article in the Microsoft Knowledge Base:
260729 How to enable Schannel event logging in IIS
Note: If you have to perform SSL debugging on a computer that is running Microsoft Windows NT 4.0, you must use a Schannel.dll file for the installed Windows NT 4.0 service pack and then connect a debugger to the computer. Schannel logging only sends output to a debugger in Windows NT 4.0.

???

???? ID: 938703 - ????? ???????: 06 ?????? 2010 - ??????: 2.0
???? ???? ???? ??:
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
??????: 
kbexpertiseadvanced kbhowto kbinfo kbmt KB938703 KbMthi