The task that follows discusses how to export the Active Directory server's root certificate, which is required to connect securely to the CDO to obtain user identity information.
Before you begin
You must know the name of your Active Directory server's root certificate. The root certificate might have the same name as the domain or the certificate might have a different name. The procedure that follows shows one way you can find the name; there could be other ways, however.
Procedure
Step 1 | Following is one way to find the name of the Active Directory Server's root certificate; consult Microsoft documentation for more information:
-
Log in to the Active Directory server as a user with privileges to run the Microsoft Management Console.
-
Click Start and enter mmc .
-
Click
-
From the Available Snap-ins list in the left pane, click Certificates (local).
-
Click Add.
-
At the Certificates snap-in dialog box, click Computer Account and click Next.
-
At the Select Computer dialog box, click Local Computer and click Finish.
-
Windows Server 2012 only. Repeat the preceding steps to add the Certification Authority snap-in.
-
Click .
The server's trusted certificates are displayed in the right pane. The following figure is only an example for Windows Server 2012; yours will probably look different.
|
Step 2 | Export the certificate using the certutil command.
This is only one way to export the certificate. It's a convenient way to export the certificate, especially if you can run a web browser and connect to the CDO from the Active Directory server.
-
Click Start and enter cmd .
-
Enter the command certutil -ca.cert
certificate-name .
The server's certificate is displayed on the screen.
-
Copy the entire certificate to the clipboard, starting with -----BEGIN CERTIFICATE----- and ending with -----END CERTIFICATE----- (including those strings).
|
What to do next
Import the Active Directory server's certificate into the CDO as a Trusted CA Certificate as discussed in Adding a Trusted CA Object.