When an LDAPS (636) call is made to an external forest domain's Active Directory, the connection fails and the error message below is logged in the Event Viewer log.
"The certificate received from the remote server was issued by an untrusted certificate authority."
We have 2 untrusted forests, Forest-A and Forest-B. Both forests have their own CA servers, and during an LDAPS call from Forest-A to Forest-B, certificates are involved, hence the call fails with the error message.
In my understanding, I need to share the same certificate between the untrusted forests to make LDAPS calls; please correct me if I am wrong.
I found out that we have to implement "cross-forest certificate enrollment" in order to achieve the LDAPS communication between the Untrusted External Forest Domains. Is that correct?
Please suggest how I should make an LDAPS (636) call to an untrusted external forest domain's Active Directory. (I still want to keep the forests untrusted.)
I am implementing this using the .NET Framework.
Thanks in advance.
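Added example (not part of the question above) of how a .NET Framework client can validate Forest-B's LDAPS certificate without a forest trust: the weak "accept anything" callback is shown beside a callback that pins Forest-B's root CA obtained out of band. The DC name `dc1.forest-b.example`, the file path of the exported root certificate and the bind account are assumptions.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Security.Cryptography.X509Certificates;

static class ForestBLdaps
{
    // Assumed values: Forest-B's DC and a .cer export of Forest-B's ROOT CA certificate,
    // obtained out of band from Forest-B's PKI admins (not fetched over the same LDAPS link).
    const string ForestBDc = "dc1.forest-b.example";
    const string ForestBRootCerPath = @"C:\pki\forest-b-root.cer";

    // WEAK: accepts any certificate, so the event-log error disappears but so does the
    // protection against a spoofed DC or an on-path attacker. Shown only as the setting to avoid.
    static bool AcceptAnything(LdapConnection c, X509Certificate cert) => true;

    // CORRECTED: build the server's chain and require it to end at the pinned Forest-B root.
    // Only that root is trusted for this connection; the machine-wide store is unchanged
    // and no forest trust or cross-forest enrollment is involved.
    static bool TrustForestBRootOnly(LdapConnection c, X509Certificate cert)
    {
        var serverCert = new X509Certificate2(cert);
        var pinnedRoot = new X509Certificate2(ForestBRootCerPath);
        var chain = new X509Chain();
        chain.ChainPolicy.ExtraStore.Add(pinnedRoot);               // lets the chain reach the root
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
        // The root is not in the local Trusted Root store, so UntrustedRoot alone is expected;
        // every other problem (expiry, revocation, bad signature) still makes Build() fail.
        chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
        if (!chain.Build(serverCert)) return false;

        // X509Chain does not check the host name; first SAN/CN only, a multi-SAN cert needs a full walk.
        if (!string.Equals(serverCert.GetNameInfo(X509NameType.DnsName, false), ForestBDc,
                           StringComparison.OrdinalIgnoreCase)) return false;

        var actualRoot = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
        return string.Equals(actualRoot.Thumbprint, pinnedRoot.Thumbprint, StringComparison.OrdinalIgnoreCase);
    }

    public static SearchResponse SearchForestB(string baseDn, string filter, string forestBUser, string forestBPassword)
    {
        var id = new LdapDirectoryIdentifier(ForestBDc, 636, true, false);
        using (var conn = new LdapConnection(id))
        {
            conn.SessionOptions.SecureSocketLayer = true;
            conn.SessionOptions.VerifyServerCertificate = TrustForestBRootOnly; // never AcceptAnything
            conn.SessionOptions.ProtocolVersion = 3;
            // Without a trust there is no cross-forest Kerberos, so bind with a Forest-B account;
            // a simple bind is acceptable here only because the TLS certificate is verified first.
            conn.AuthType = AuthType.Basic;
            conn.Credential = new NetworkCredential(forestBUser, forestBPassword);
            conn.Bind();
            return (SearchResponse)conn.SendRequest(new SearchRequest(baseDn, filter, SearchScope.Subtree, "sAMAccountName"));
        }
    }
}
```

The same result can be had without code changes by importing Forest-B's root CA into the client's Trusted Root Certification Authorities store, but that trusts the root for every application on the machine rather than for this one connection.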