Automatically Renewing User Certificates from Inhouse CA?

mvanzwieten_at_gmail.com
Date: 03/23/05


Date: 23 Mar 2005 06:16:12 -0800

Hi Everyone,

I'm running a Win2k CA in-house tied directly into Active Directory. In
order to make use of EAP/TLS over VPN, I've logged onto local users'
laptops, and downloaded user certificates for them from the CA webpage
onto their laptops, and they use these certs when connecting through
the VPN.

The issue is this... The certificates are only good for 1 year. They
do not renew themselves when they expire, and basically lock the person
out from even using EAP/TLS over VPN after they expire.

In order to get them working again, we have to manually browse over to
the CA webpage, and download a new user cert all over again, deleting
the old one that's still sitting there, expired.

Is there any way to automatically make these user certs renew, or
possibly force a renewal of that user cert on that machine?

I would appreciate your advice! :)

Thank you,
Mike


