Re: computer certificate L2TP

From: joe leone (Joe.Leone@Beacon.com.au)
Date: 10/11/02


From: "joe leone" <Joe.Leone@Beacon.com.au>
Date: Fri, 11 Oct 2002 10:59:53 +0800


Apologies for not adding all the information.

I have already set up an enterprise root CA and an intermediate CA to issue
certificates.
The desktops which are part of the regular domain are automatically being
issued with computer certificates.
However, I cannot get a client which is not part of the domain to be issued
a computer certificate.

When I connect using PPTP and use the web enrolment method
(http://Certificate Authority/CertSrv ) , there is no option to request a
computer certificate.
I have also tried the following:
    Installed a stand alone CA with access to the Enterprise CA
    Installed a computer certificate (on this server) issued by the intermediate CA
    Point the client browser to this CA and request a certificate.
    Add the IPsec template (and others)

There is still no option to request a computer certificate.

So
Can a client which has not joined a domain have a computer certificate
issued from a CA?
If so how?

Thanks Joe leone

"Seth Hayden" <seth@nospam.lexicomdirect.com> wrote in message
news:073c01c26ffe$32619ef0$35ef2ecf@TKMSFTNGXA11...
> You can setup Certificate Services either in StandAlone
> or Enterprise config. Standalone is just that, no AD
> integration. Enterprise is AD integrated. You can
> install the Standalone on any Win2K Server even one that
> is a member of a domain.
> Anyhow, once installed, you would point the clients to
> the web site just like the documentation states and they
> request one. All requests must be approved by an Admin
> (person in charge of mundane task) and the client can
> return to pick up certificate.
>
> Of course in reality, it doesn't work this easy, but....
>
> Seth Hayden
> >-----Original Message-----
> >Hi, I am setting up a VPN and have got a connection going with PPTP. I
> >want to enable the use of L2TP/IPSec. This requires that the remote clients
> >and the VPN server have a computer (machine) certificate installed.
> >
> >My issue is how do I create a computer certificate for a remote client which
> >is not part of a W2K domain.
> >The VPN is in the DMZ and it also is not part of the domain.
> >All the articles I've read indicate that you point the browser to
> >http://Certificate Authority/CertSrv and request a certificate or enable
> >auto-enrolment which will issue the certificate when the client joins the
> >domain.
> >I do not want the VPN server or the remote clients to be members of the
> >domain
> >
> >Thanks
> >Joe Leone


