How to Use the Certificate with the ADAM Service
To let the ADAM service use a certificate, you need to put the certificate into the personal store of the ADAM service.
-
On the Windows Start menu, click Run and type
mmc.
This opens the Microsoft Management Console.
- Click .
- Click Add, and click Certificates.
- Click Service account.
- Click Local computer.
- Select the ADAM instance service.
- Add a new "Certificate" snap-in, but this time click My user account instead of Service account.
- Click Close and OK.
- Expand the "Personal" folder under the Certificates - Current user tree.
- Select the certificate and copy it into the same location under "Certificates - adam instance name".
-
Give the ADAM service account read permissions to the key by doing one of the
following:
- Using winhttpcertcfg (best practice).
- Browsing to:
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys.
If these permissions are not set correctly you will get an error in the event log:Schannel ID: 36870 - "A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x6."
- Restart the ADAM instance.