rslocalhost
I'm trying to fix a broken AD service (FreeNAS 11.3). I think the problem is a certificate one. My [Windows Server] DC cert recently expired. I have a new one installed and working on the Windows server. I got a notice from my FreeNAS that the cert for the DC had expired (true). I was trying to update it, but it's not working.
I can export the DC's certificate, but not its private key (private key is marked not exportable). Importing into system -> certificates -> add doesn't seem to work since that seems to require the private key ("Private key is required when importing a certificate"). I can import it as a CA no problem, but I suspect that's not the right place.
In Directory Services -> Active Directory -> Certificate, I can only select the CA certs. If I select the DC's cert and try to enable the service, I get "Certificate matching query does not exist.". If I select the true CA root that signed the DC's cert, then I get "KeyError 'key_length'".
Can anyone shed some light on this? Which one is correct and what do I have to do to fix this?