Re: Certification Authority and L2TP

From: D. Cross [MS] (dcross@online.microsoft.com)
Date: 01/15/03 

From: "D. Cross [MS]" <dcross@online.microsoft.com>
Date: Wed, 15 Jan 2003 06:56:46 -0800

1. yes, so far so good.

2. enterprise CA is good.

3. This can sometimes be confusing for people, so that is OK. Request a
web server certificate on the RRAS machine (needs to be in the machine
account). The RRAS server can then use this for the L2TP/IPSEC. 

--
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.
"Victoria Morgan" <Vicky279@optonline.net> wrote in message
news:49b301c2bc13$67253f50$d2f82ecf@TK2MSFTNGXA09...
> Hi. I'm running a win2k network with 2 domain controllers,
> 3 member servers (one of which is a exchange 2000 server
> and one of which is a ISA and RRAS server) and
> approximately 250 workstations, the majority of which are
> win2k pro. We are connected to the internet by a router
> and a T1 line. We used one of the wizards in ISA server to
> implement a vpn solution for our remote clients and it
> seems to work well. In order to increase security we
> installed an enterprise CA on one of the member servers
> (not the member server that host our ISA and RRAS) to
> distribute certificates to our remote clients. The remote
> clients request and receive certificates successfully.
> When I try to implement a remote access policy to enable
> L2TP/IPSEC I receive a prompt stating that a certificate
> can't be found on the RRAS server. My question is
>  1.  Is our location of  the CA server correct or should
> it by placed on the RRAS server?
>  2.  Should it be an enterprise CA or standalone CA that
> gets installed?
>  3.  If the location of CA is correct how do I get a
> certificate on the RRAS server?
> Any help will be greatly appreciated. Thanks in advance.
> Vicky

Relevant Pages

  • Re: NT4 Ent root CA -> Standalone after W2k upgrade?
    ... After upgrading to Windows 2000 Server, ... cannot - until we remove certificate server and reinstall as an Enterprise ...
    (microsoft.public.win2000.security)
  • Re: Creating 10 year SSL certs using cert services
    ... I have seet up an Enterprise root CA at my root domain, ... However, when I go to create certificate requests and enter them on my http://localhost/certsrv page, I select "Web Server" and they are only good for 2 years. ...
    (microsoft.public.windows.server.general)
  • Re: Certificate Template Creation
    ... on your Enterprise server, install Virtual Server, then build a VM running Enterprise to be your standalone, offline rootCA ... create your certificate template on the Enterprise CA ... Domain Controller certificate. ...
    (microsoft.public.windows.server.general)
  • Certificate Services Install Problem
    ... I am trying to create an Enterprise CA on a Windows 2003 ... Server running ISA to issue machine certificates for IPsec ... When I try to install Certificate Services using the ...
    (microsoft.public.win2000.security)
  • Re: certificate server on 2003 - advice on type selection
    ... | You have few options to setup your CA server. ... | then my advice would be to install Enterprise CA (this would be enterprise ... | have after this is to control certificate issuance based on user ...
    (microsoft.public.win2000.security)
Loading