On my domain controller, I added the Certificate Manager role, created the certificate template, created a new certificate, exported the certificate, and assigned the certificate to the Active Directory Domain Services:
But I still can't connect with ldp.exe over SSL:
Wireshark on the client machine (192.168.0.114) displays the following:
What did I miss?
See here for more details on the steps I did.
EDIT1
From WSL on the client machine:
gnutls-cli -p 636 my.local
Processed 146 CA certificate(s).
Resolving 'my.local:636'...
Connecting to '192.168.0.123:636'...
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
- subject `CN=myserver.my.local', issuer `CN=my-MYSERVER-CA,DC=my,DC=local', serial 0x750000000212089946907c8e3b000000000002, RSA key 2048 bits, signed using RSA-SHA256, activated `2025-09-30 13:28:52 UTC', expires `2027-09-30 13:38:52 UTC', pin-sha256="ougpnHhxjdx120xX9bN9Y6seqSDtAONKxGCHCAoQYjw="
Public Key ID:
sha1:106bc6bd39fa5897b55316c857d31a30148473d2
sha256:a2e8299c78718ddc75db4c57f5b37d63ab1ea920ed00e34ac46087080a10623c
Public Key PIN:
pin-sha256:ougpnHhxjdx120xX9bN9Y6seqSDtAONKxGCHCAoQYjw=
- Status: The certificate is NOT trusted. The certificate issuer is unknown.
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.

192.168.0.123, or only for myserver.my.local? And is it issued for the 'TLS Server' extended usage, or only for 'Kerberos KDC'? What do other TLS clients say about it, like gnutls-cli if you have any Linux system?
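The gnutls-cli output in EDIT1 stops at "The certificate issuer is unknown", and the comment above asks three more things: does the certificate cover the IP address as well as myserver.my.local, does it carry the TLS Server extended key usage, and what do other TLS clients make of it. The POSIX shell functions below are an added example (not part of the question or the comments) that answer those questions with openssl from the same WSL client; the host name myserver.my.local and the address 192.168.0.123 come from the question, while the CA file name my-ca.pem (the CA certificate exported from the DC) and the helper names are assumptions.

```shell
# Added example, not taken from the question or its comments: client-side
# checks for an LDAPS server certificate with openssl, run from WSL the way
# gnutls-cli was. Assumed: the DC answers as myserver.my.local / 192.168.0.123
# (values from the question) and the CA certificate exported from the DC has
# been saved on the client as my-ca.pem.

# Save the leaf certificate the server presents on the given port as PEM.
fetch_ldaps_cert() {
  host=$1; port=$2; out=$3
  openssl s_client -connect "$host:$port" -servername "$host" </dev/null 2>/dev/null \
    | openssl x509 -outform PEM > "$out"
}

# Print the Subject Alternative Name entries (DNS and IP) of a PEM certificate;
# prints nothing when the certificate has no SAN extension at all.
cert_sans() {
  openssl x509 -in "$1" -noout -text \
    | grep -A1 'Subject Alternative Name' | tail -n 1 | sed 's/^ *//'
}

# Succeed only if the certificate's extended key usage permits TLS server use;
# a certificate issued only for Kerberos KDC authentication fails here.
cert_is_tls_server() {
  openssl x509 -in "$1" -noout -purpose | grep -q '^SSL server : Yes'
}

# Succeed only if the leaf chains to the CA file AND its SAN covers the DNS
# name. A failure with the DC's own exported CA file is the "issuer is
# unknown" condition gnutls-cli reported.
cert_chains_to() {
  openssl verify -CAfile "$2" -verify_hostname "$3" "$1" >/dev/null 2>&1
}

# Same chain check, but requiring a literal IP address in the SAN.
cert_covers_ip() {
  openssl verify -CAfile "$2" -verify_ip "$3" "$1" >/dev/null 2>&1
}

# Run every check against a live LDAPS port and print one line per finding.
diagnose_ldaps() {
  host=$1; ip=$2; cafile=$3; leaf=$(mktemp)
  fetch_ldaps_cert "$host" 636 "$leaf"
  echo "SAN: $(cert_sans "$leaf")"
  cert_is_tls_server "$leaf" && echo "EKU: valid for TLS server" \
    || echo "EKU: NOT valid for TLS server"
  cert_chains_to "$leaf" "$cafile" "$host" && echo "chain + DNS name: OK" \
    || echo "chain + DNS name: FAILED (CA not in $cafile, or name not in SAN)"
  cert_covers_ip "$leaf" "$cafile" "$ip" && echo "chain + IP: OK" \
    || echo "chain + IP: FAILED (IP address not in SAN, or CA not trusted)"
  rm -f "$leaf"
}
```

Usage from WSL: `diagnose_ldaps myserver.my.local 192.168.0.123 my-ca.pem`. If the chain check fails even with the exported CA file, the server is presenting a certificate from a CA the client does not hold, which matches the gnutls-cli status line; if it passes with the exported file but ldp.exe still fails, the Windows client simply does not have that CA in its trusted roots. An empty SAN line or a missing "TLS server" result points at the template rather than at trust.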