Duo Gateway LDAPS setup

I’m converting from clear text to LDAPS between my on-prem Access Gateway and my DC. I couldn’t get it to connect, so I downloaded and ran the acert.exe tool. It reported that it could talk to my DC but it was getting an expired certificate. I’ve removed the expired certificate and created a new one, but now the acert.exe tool is returning

“Oh no! I failed to connect: ( err=‘read tcp 1.1.1.1:22222->1.1.1.2:636: wsarecv: An existing connection was forcibly closed by the remote host.’”

I have the new certificate in both personal and trusted root on both my DC and the gateway. I’ve tried both a client and a server auth certificate. Can anyone get me pointed in the right direction as to what my issue is?

Are you able to connect to the DC on 636 using LDAPS with a different tool (like LDP)?


Nope. I wasn’t aware of that tool. This gives me something to go off of. Thank you!

Edit: My issue was that I wasn’t creating the certificate correctly. Using this document from Microsoft, I was able to generate a new cert, test with ldp.exe from another DC, then test with acert.exe from my Access Gateway server. I uploaded the new certificate to my Access Gateway server and voilà! Thank you for getting me on the right track @DuoKristina!
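The check below is an added example and is not part of the original thread, nor Duo's or Microsoft's own code. It does from any Windows host what ldp.exe and acert.exe exercise: opens TCP 636 to the DC, completes a TLS handshake, and then reports the properties the DC's LDAPS certificate must have before Schannel will serve it, namely a validity window that has not expired, the Server Authentication EKU (1.3.6.1.5.5.7.3.1), the DC's FQDN in the subject or SAN, and a chain that the client trusts. The DC hostname `dc01.corp.example` is a placeholder you replace with your own. Two caveats worth keeping in mind while reading the output: the DC takes its LDAPS certificate (with private key) from the local computer Personal store, so the leaf certificate does not belong in Trusted Root; only the issuing CA certificate does, on both the DC and the gateway. And a connection that the DC accepts and then immediately resets, before any certificate is sent, is the usual symptom of the DC finding no certificate it can use at all, which is what acert.exe shows as "forcibly closed by the remote host".

```powershell
# Added example, not from the Duo thread: inspect a DC's LDAPS certificate the way
# ldp.exe / acert.exe would exercise it. Run from any Windows host (PowerShell 5.1+).
$DomainController = 'dc01.corp.example'   # assumed placeholder; use your DC's FQDN
$Port = 636

$client = New-Object System.Net.Sockets.TcpClient
try {
    $client.Connect($DomainController, $Port)
} catch {
    Write-Error "TCP connect to ${DomainController}:${Port} failed: $($_.Exception.Message)"
    return
}

# Accept any certificate during the handshake so we can capture it and explain
# the failure ourselves, instead of stopping at 'validation failed'.
$acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
$ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
try {
    # The hostname passed here is what a strict client matches against CN/SAN.
    $ssl.AuthenticateAsClient($DomainController)
} catch {
    # An immediate close here, before a certificate arrives, means the DC has no
    # usable LDAPS certificate in its computer Personal store.
    Write-Error "TLS handshake to ${DomainController}:${Port} failed: $($_.Exception.Message)"
    $client.Close()
    return
}

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
$ssl.Close()
$client.Close()

# Extended Key Usage must include Server Authentication for Schannel to pick the cert.
$ekuExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
$hasServerAuth = $false
if ($ekuExt) {
    $hasServerAuth = [bool]($ekuExt.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.1' })
}

# Subject Alternative Name should carry the DC's FQDN; CN alone is legacy behaviour.
$sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
$sanText = if ($sanExt) { $sanExt.Format($false) } else { '(no SAN extension)' }
$nameMatches = ($sanText -match [regex]::Escape($DomainController)) -or
               ($cert.Subject -match [regex]::Escape($DomainController))

# Build the chain with this host's trust store, which is what the gateway will do.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chainOk = $chain.Build($cert)
$chainStatus = ($chain.ChainStatus | ForEach-Object { $_.StatusInformation.Trim() }) -join '; '

[pscustomobject]@{
    Subject        = $cert.Subject
    Issuer         = $cert.Issuer
    NotBefore      = $cert.NotBefore
    NotAfter       = $cert.NotAfter
    Expired        = ($cert.NotAfter -lt (Get-Date))
    ServerAuthEKU  = $hasServerAuth
    SAN            = $sanText
    NameMatchesDC  = $nameMatches
    ChainTrusted   = $chainOk
    ChainStatus    = if ($chainOk) { 'OK' } else { $chainStatus }
} | Format-List
```

Run it first on the DC itself, then on the Access Gateway host: a certificate that shows `ChainTrusted : True` on the DC but `False` on the gateway points at a missing issuing-CA certificate in the gateway's trust store rather than at the DC's certificate. `Expired : True` reproduces the first failure in the thread; a handshake that dies before `$cert` is populated reproduces the second.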