This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 7.000000000000001%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPG%3C/text%3E%3C/svg%3E)
Having an issue changing the SSL certificate for Secure LDAP domain service in Entra.
Existing certificate will expire in 30 days.
What I have tried:
It should work....but it doesn't. Any thoughts?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 38%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMP%3C/text%3E%3C/svg%3E)
I gather you're following https://learn.microsoft.com/en-us/entra/identity/domain-services/tutorial-configure-ldaps - correct? If so, at which point exactly the procedure described in that article fails - and what's the error message?
If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.
hth
Marcin
Fails shortly after clicking on "save". Error message not particularly helpful as it says "secure ldap configuration failed" Yes...I have followed the MS article. Wildcard certificate. Subject name matches the domain name. Key use types as indicated. Exported from certificate store in 3DES. Replacement certificate valid from yesterday to a year from now.
As per the article, "some common reasons for failure are if the domain name is incorrect, the encryption algorithm for the certificate isn't TripleDES-SHA1, or the certificate expires soon or has already expired".
If you've verified that all prerequisites are in fact satisfied, considering that this is a managed domain, your troubleshooting/remediation steps are limited - so I'd suggest opening a support ticket with Microsoft
If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.
hth
Marcin
Thanks. I'll open a ticket.