Hey everyone! I'm running into an issue with LDAPS on our Xerox printers. As soon as we enable the "LDAP signing server requirements" GPO and configure the printers to use LDAPS on port 636, our users can't seem to browse the address book anymore. I did some testing on the local CA server and it looks like some certificates might be missing or corrupted. When I try to connect, I get various errors including issues related to LDAP and a message saying the keyset does not exist. Can anyone help me figure out how to resolve this? Thanks!
3 Answers
It sounds like you might not have a valid SSL/TLS certificate or it could be expired. You can check it with OpenSSL, but I know it might be tough to install in some environments.
Make sure your server is definitely listening on port 636. If it is, check the local certificates to ensure there's a valid one for your server's fully qualified domain name (FQDN).
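The two checks in this answer (is anything answering on 636, and does the certificate carry the server's FQDN and a current validity period) can be scripted from any workstation that has a Python 3 interpreter. The script below is an added example and not part of the thread; it uses only the standard library, and `dc01.corp.example`, the port and the optional CA bundle path are placeholders you would replace with your own domain controller and local CA root export. Hostname checking is deliberately done by the script rather than by the TLS library so that a mismatch (for example when the printer is configured with an IP address) is reported as a readable reason instead of a bare handshake failure.

```python
"""Check that an LDAPS endpoint presents a certificate usable for its FQDN.

Added example (not from the thread). Assumes Python 3.8+ with the standard
library only; the DC host name, port and optional CA bundle are parameters.
"""
import socket
import ssl
import sys
import time
from typing import Dict, List, Optional


def match_name(pattern: str, hostname: str) -> bool:
    """Compare one DNS name from the certificate with the name the client
    connects to. A single leading wildcard label (*.corp.example) is allowed;
    an IP address never matches a DNS name, which is why connecting by IP
    fails hostname validation."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if pattern.startswith("*."):
        p_labels = pattern.split(".")
        h_labels = hostname.split(".")
        return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]
    return False


def cert_names(cert: Dict) -> List[str]:
    """DNS names from subjectAltName; fall back to the subject CN only when
    the certificate carries no SAN at all."""
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    names.append(value)
    return names


def evaluate_cert(cert: Dict, fqdn: str, now: Optional[float] = None) -> List[str]:
    """Return the problems found with `cert` for a connection to `fqdn`.
    An empty list means the name matches and the validity period is current.
    `cert` is the dict shape returned by ssl.SSLSocket.getpeercert()."""
    problems = []
    names = cert_names(cert)
    if not any(match_name(n, fqdn) for n in names):
        problems.append("no certificate name matches %r (names: %s)" % (fqdn, names))
    now = time.time() if now is None else now
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("certificate not yet valid (notBefore %s)" % cert["notBefore"])
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("certificate expired (notAfter %s)" % cert["notAfter"])
    return problems


def check_ldaps(fqdn: str, port: int = 636, cafile: Optional[str] = None,
                timeout: float = 5.0) -> List[str]:
    """Connect to fqdn:port, complete the TLS handshake and evaluate the
    server certificate. Chain validation uses the system trust store, or
    `cafile` (a PEM export of the local CA root) when given; hostname
    checking is left to evaluate_cert so the reason for a mismatch is shown."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False           # name mismatches are reported by us
    ctx.verify_mode = ssl.CERT_REQUIRED  # the chain must still validate
    try:
        with socket.create_connection((fqdn, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=fqdn) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        return ["certificate chain not trusted by this client: %s" % exc.verify_message]
    except ssl.SSLError as exc:
        return ["TLS handshake failed (is LDAPS enabled on port %d?): %s" % (port, exc)]
    except OSError as exc:
        return ["cannot connect to %s:%d: %s" % (fqdn, port, exc)]
    return evaluate_cert(cert, fqdn)


def sample_cert() -> Dict:
    """Constructed sample in getpeercert() shape (not a real certificate)."""
    return {
        "subject": ((("commonName", "dc01.corp.example"),),),
        "subjectAltName": (("DNS", "dc01.corp.example"), ("DNS", "corp.example")),
        "notBefore": "Jan 10 00:00:00 2020 GMT",
        "notAfter": "Jan 10 00:00:00 2030 GMT",
    }


if __name__ == "__main__":
    # Placeholder host; pass your DC's FQDN as the first argument.
    host = sys.argv[1] if len(sys.argv) > 1 else "dc01.corp.example"
    issues = check_ldaps(host)
    print("OK: certificate usable for LDAPS to %s" % host if not issues else "\n".join(issues))
```

Run it as `python check_ldaps.py dc01.corp.example` from a machine that trusts your local CA, or pass `cafile=` with the exported root. Each outcome maps to one of the suggestions in the thread: a connection error means nothing is listening on 636, a chain error means the client (or the printer) does not trust the issuing CA, and a name mismatch means the certificate was issued for a name other than the one configured on the printer.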
I found that using the server's FQDN instead of its IP address for the LDAPS connection worked successfully for me. Make sure your Xerox printer is set up to use the FQDN and not just the IP. It could be the missing link here!
Yep, you need to use the FQDN for LDAPS to work properly since the certificate is issued for that name.
I can't install OpenSSL easily here, and PowerShell is blocked too. I checked IIS Manager though, and I only see HTTP on port 80.