Active Directory Certificate Services


Has anyone been able to successfully sign the default certificates that Openfire creates with Active Directory Certificate Services?

I have created CSRs in the Openfire GUI, and when I paste them into the ADCS GUI it creates valid certificates & chains. But when I try to paste the signed certificate (or chain) back into Openfire it just keeps telling me that “An error occured while importing the Certificate Authority reply. Verify that the reply is correct and that it belongs to the correct certificate”.

Also, every time I restart the service I get an error message about a corrupt keystore. If I go to the Server Certificates page in the Openfire GUI & recreate the certificates it all comes good.


P.S. Windows Server 2003 SP2 environment

Did you manage to get a certificate signed from ADCS?

I’m trying to do the same but it’s such a pain in the arse!

All I wanted is a cert from ADCS so that all the computers on the domain will stop complaining about the cert being signed by an untrusted source when PSI fires up.

Let me know how you did it, if you did.


Jake Turner