Re: Certificates for l2tp VPN

From: izael (izael.ochoa_at_reforma.com)
Date: 01/14/04 

Date: 13 Jan 2004 17:01:53 -0800

Thanks Brian, I did it, but it still doesnt work.

I installed a certificate in both the server and the client using the
"IPSec offline request" template, the certificate is in the Local
computeter store.
 
I tried with a stand alone CA, I installed a certificate in the server
and client from a standalone CA, and with these certificate the l2tp
vpn connection works without any problem, but with the Enterprise CA I
canīt install the correct certificate to make it work.

Do I miss something?, Do I have to modify something in the Active
Directory too

Thanks

Brian Komar <bkomar@komarconsulting.com.nospam> wrote in message news:<MPG.1a6d2475fefa7179896a3@msnews.microsoft.com>...
> In article <d51193cc.0401121831.13158ae6@posting.google.com>,
> izael.ochoa@reforma.com says...
> > Hi everyone, Could somebody help me to install computer certificates
> > for l2tp vpn connections?
> >
> > I want to instal l2tp VPN certificates to a server and a computer
> > from a Win2000 Enterprise Root CA. I want to do it using the web page
> > request method, since we want only some computers to have certificates
> > installed. But in the web page, the Computer template does not appear,
> > and I cant find how to make it available. The computer template is
> > specified in the Plicy Settings folder of the CA, but it doesnīt
> > appear in the web page.
> >
> > How can I make it available for everyone?, or what other template can
> > I use?, I have tried with web server (in the server) an user (in the
> > client) but it still dont work... :(
> >
> > thaks in advance
> >
> You need to change the certificate template to the Computer (offline
> Request) or IPSec (offline request) template. The reason that the
> certificate does not appear in the Web page is that the web request is
> performed in the security context of the requestor, not the requesting
> computer.
>
> By using the offline request forms, the user must input the computer
> naming information, and then request the cert.
>
> Brian

Relevant Pages

  • Re: Unable to install Godaddy cert on SBS R2 Standard box
    ... When you receive the file from Godaddy it is in a .crt file and Windows is looking for a .cer. ... "Please create a new request,and request for a new certificate from ... Godaddy(issue a new certificate),then install the new certificate. ...
    (microsoft.public.windows.server.sbs)
  • Re: Installing an existing GoDaddy SSL on another SBS box....
    ... Certificate' and then 'Assign an existing certificate'. ... I've got a functional GoDaddy SSL cert installed and working on my ... vanilla install so far. ... I got an error that there was no pending request for the ...
    (microsoft.public.windows.server.sbs)
  • Re: How to renew a certificate programmicaly
    ... Name 2 extension must contain a UPN entry, ... Please notice that the application> policy restriction is "Enrollment Agent" and that the "old certificate" does> not have this application policy. ... > I cannot see this template in the MMC snapin, I guess it is because it has> "X number of authotized signatures" and "Subject details supply in request". ...
    (microsoft.public.platformsdk.security)
  • Certificate Server
    ... not you've installed a root CA or a subordinate CA. I'm ... certificate installed so that the services will operate ... certificate request for the CA. ... certificate and install that on the macine. ...
    (microsoft.public.win2000.security)
  • Re: Problems requesting computer certificates on an issuing CA
    ... The exact permissions on my template are: ... I tried to manually enroll for a computer certificate based on ... CA allows the computers to request certificates. ...
    (microsoft.public.windows.server.security)