Hi there,
I am having issues adding the SSL certificate with AES256-SHA256 encryption on AAD Domain Services blade. I get the error below on my tenant and it doesn't process the change.
However, If I use the same certificate but exported with TripleDES-SHA1 encryption, AAD DS blade accepts the certificate.
Can you advise if we can only use TripleDES-SHA encrypted SSLs with Azure LDAPS and not AES256-SHA256 encrypted SSLs.
Thanks,
Rahul
@RahulJaswal-3585 Yes, TripleDES-SHA1 encryption is recommended with Azure LDAPS.
Recommendations:
- Use TripleDES-SHA1 encryption. Also make sure the password has at least 8 characters.
- Name should be postfixed with *.pfx suffix. For example, do not use xyz.com.pfx. This will error out with incorrect password.
@BijuThankappan-5910 - I tried to find the documentation around SSL encrytion method to use for Azure LDAPS but couldn't find any. Do you have any reference article from Microsoft confirming the above. It's very strange that Microsoft Azure LDAPS only supports TripleDES-SHA1 which is a very old encryption method and not AES256.
Thank you @BijuThankappan-5910
I will raise a ticket with Microsoft as well to see if there's any near future plan to accept the newer SSL encryption methods.
Hey, np Rahul.
If this helped you, then please "mark as answer" or "vote as helpful" wherever the information provided helps you to help others in the community.
Also, please update this thread with your findings from MS.
Cheers!
6 people are following this question.
