Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


How to create certificate on Windows 2003 server to export and install on client computer to allow EAP-TLS VPN connection, CA is setup

Posted on 2004-09-10
Medium Priority
Last Modified: 2013-12-04
I have setup a test environment consisting of 3 PC's for a VPN test environment. It is working fine for basic pptp vpn connections but I would like to use certificate based authentication

My test is running of an active directory domain of EXAMPLE.COM, in which I have set up a Certificate Authority. I've gone through all sorts of documentation but all I can find are documents referring to the web based enrollmend or the domain auto-enrollment. I wan't to use this in such a way that I can create the certficate and export it to file for it to be installed on the client computer manually to allow the VPN connection.

How do I go about this?

Question by:Mooligan
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2

Expert Comment

ID: 12032543
It was originally written with ISA server in mind BUT the article gives a step by step on how to set up the EAP-TLS VPN... (Two parts){linebreak - ee_ai_construct}Configuring_the_VPN_Client_and_Server_to_Support_CertificateBased_PPTP_EAPTLS_Authentication__Part_2.html

Author Comment

ID: 12075263
Sorry for the late reply, have been away.

Thanks for the links, but this isn't quite the what I was looking for. I have actually been working with a similar article, only it doesn't use ISA, it provides step by step for pptp as well as EAP-TLS.

My problem was for remote PC's that are not a member of the domain how they would get the certificate, ideally I wanted a way that it could be created on the CA and exported / emailed to the user. I think I am just going to settle with using the pptp connection that I have already got working and connecting with that, then once connected request a certificate through web enrollment.

Expert Comment

ID: 12078516
The method of using PPTP and getting a cert, is the method that I use to roll out EAP VPN clients that are not in the network.  Hope it works.

Author Comment

ID: 12111697
I have requested this to be closed as original question of how to create certificates for exporting wasn't addressed. Answer is to use pptp to request through web enrollment, also through the web enrollment it provides options for downloading the cert to file which you could apply to a computer remotely afterwards.

I have posted a new question with the error message I am receiving when I try and make my EAP-TLS connection, even after installing the certs as far as I can tell.

Thanks Guys.

Accepted Solution

Computer101 earned 0 total points
ID: 12153182
PAQed, with points refunded (500)

E-E Admin

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question