Re: Auto-renewing certs w/ VPN clients



The link below may help if you have not seen it yet and assumes your CA is
installed on Windows 2003 Enterprise Server which is required for version 2
templates that can be used for autoenrollment via Group Policy. Offhand I
don't know for sure if the VPN renewal will work as you plan it but you
could test that by creating a test template that has a short lifetime with a
matching renewal period that is limited to be requested and issued to a few
test machines to try it with via a VPN connection.

--- Steve

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/autoenro.mspx

"Jeff Vandervoort" <jeffv @ jrvsystems dot com> wrote in message
news:%236cTB5jMGHA.3708@xxxxxxxxxxxxxxxxxxxxxxx
Setting up an L2TP/IPSec VPN. VPN Clients will be AD domain members.
WS2003 SP1 functional-level domain & Enterprise CA.

Group Policy is set to auto-renew certs as they expire. VPN Clients will
be connecting on demand from existing Windows sessions (not using "Log on
using dialup"). The script that makes the VPN connection will include
GPUPDATE /FORCE /WAIT:0.

1. Will these VPN clients have their certs auto-renewed?

2. If not, is there a way to script that?

3. How long prior to expiration are certs auto-renewed?

--
Jeff Vandervoort
JRVsystems


