Re: Certificates for l2tp VPN

From: izael (izael.ochoa_at_reforma.com)
Date: 01/14/04


Date: 13 Jan 2004 17:01:53 -0800

Thanks Brian, I did it, but it still doesnt work.

I installed a certificate in both the server and the client using the
"IPSec offline request" template, the certificate is in the Local
computeter store.
 
I tried with a stand alone CA, I installed a certificate in the server
and client from a standalone CA, and with these certificate the l2tp
vpn connection works without any problem, but with the Enterprise CA I
canīt install the correct certificate to make it work.

Do I miss something?, Do I have to modify something in the Active
Directory too

Thanks

Brian Komar <bkomar@komarconsulting.com.nospam> wrote in message news:<MPG.1a6d2475fefa7179896a3@msnews.microsoft.com>...
> In article <d51193cc.0401121831.13158ae6@posting.google.com>,
> izael.ochoa@reforma.com says...
> > Hi everyone, Could somebody help me to install computer certificates
> > for l2tp vpn connections?
> >
> > I want to instal l2tp VPN certificates to a server and a computer
> > from a Win2000 Enterprise Root CA. I want to do it using the web page
> > request method, since we want only some computers to have certificates
> > installed. But in the web page, the Computer template does not appear,
> > and I cant find how to make it available. The computer template is
> > specified in the Plicy Settings folder of the CA, but it doesnīt
> > appear in the web page.
> >
> > How can I make it available for everyone?, or what other template can
> > I use?, I have tried with web server (in the server) an user (in the
> > client) but it still dont work... :(
> >
> > thaks in advance
> >
> You need to change the certificate template to the Computer (offline
> Request) or IPSec (offline request) template. The reason that the
> certificate does not appear in the Web page is that the web request is
> performed in the security context of the requestor, not the requesting
> computer.
>
> By using the offline request forms, the user must input the computer
> naming information, and then request the cert.
>
> Brian



Relevant Pages

  • Re: Change public domain name for E-mail and Web on SBS2003
    ... self-cert from everything while the request was being processed. ... I need to change the e-mail addresses, and the SSL certificate to match ... just run the Connect to the Internet Wizard ... request and install the new SSL Cert? ...
    (microsoft.public.windows.server.sbs)
  • RE: 3rd Party Certificate Pending Request not found
    ... This request may be canceled. ... After much trial and tribulation the 3rd party GoDaddy certificate started ... You are attempting to install a certificate that does not match the private ... If you have a backup of the private key, you can install the certificate via ...
    (microsoft.public.windows.server.sbs)
  • Re: Unable to install Godaddy cert on SBS R2 Standard box
    ... When you receive the file from Godaddy it is in a .crt file and Windows is looking for a .cer. ... "Please create a new request,and request for a new certificate from ... Godaddy(issue a new certificate),then install the new certificate. ...
    (microsoft.public.windows.server.sbs)
  • Re: Installing an existing GoDaddy SSL on another SBS box....
    ... Certificate' and then 'Assign an existing certificate'. ... I've got a functional GoDaddy SSL cert installed and working on my ... vanilla install so far. ... I got an error that there was no pending request for the ...
    (microsoft.public.windows.server.sbs)
  • Re: How to renew a certificate programmicaly
    ... Name 2 extension must contain a UPN entry, ... Please notice that the application> policy restriction is "Enrollment Agent" and that the "old certificate" does> not have this application policy. ... > I cannot see this template in the MMC snapin, I guess it is because it has> "X number of authotized signatures" and "Subject details supply in request". ...
    (microsoft.public.platformsdk.security)