Hi,

 I am trying to integrate RHDS 8.0 with windows 2003 ads on centos 5.1 as per the centos documentation for user/group and password sync from windows ADS.

 I am using windows sync and Passsync . But i am facing problem with the certificate creation.

##########################################################################
Followed the below step in centos box runing rhds to setup ssl.

###########################################################################
       secretpw 
 vi noise.txt
dsadasdasdasdadasdasdasdasdsadfwerwerjfdksdjfksdlfhjsdk
 certutil -N -d . -f pin.txt   (results, makes 3 files with db extension)
 certutil -G -d . -z noise.txt -f pin.txt
 certutil -S -n "CA Certificate" -s "cn=CAcert" -x -t "CT,,"
-m 1000 -v 9999 -d . -z noise.txt -f pin.txt

(generates CA certificate and puts into db stores, can be verified with:
certutil –L –d . –n "Certificate Name", where Certificate Name is CA Certificate)
 certutil -S -n "server-cert" -s "cn=FQDN,cn=Directory Server" -c "CA Certificate" -t "u,u,u" -m 1001 -v 9999 -d .        
-z noise.txt -f pin.txt
 pk12util -d . -o cacert.pk12 -n "CA Certificate"
pk12util -d . -o dscert.pk12 -n "server-cert"

###############################################################################################################################

After that when i executed ldapsearch -x -ZZ it showing all the entries properly on rhds centos box,
 so its indicates ssl was perfectly configured on RHDS

##################################################################################################################################

STEPS FOLLOWED ON WINDOWS 2003 ADS BOX to Set up SSL on the Active Directory Server

Create DB Stores For PassSync in windows 2003 ads server

 pk12util -d . -i dscert.pk12 
 certutil -d . -M -n server-cert -t "P,P,P"


ERROR


When i executed the above command on windows 2003 ads box it giving me following error

certutil.exe unable to decode trust strings error 0



Also the certificate created from centos box using certutil
is showing validation date  and expiration date as  current date and time in both  CA Cert and   Server-cert

i checked the certificate content by using
certutil –L –d . –n "Certificate Name"
certutil –L –d . –n "Server-cert"



Plz help me how to troubleshoot this error.

Regards
lingu