Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5777
  • Last Modified:

How to create certificate on Windows 2003 server to export and install on client computer to allow EAP-TLS VPN connection, CA is setup

I have setup a test environment consisting of 3 PC's for a VPN test environment. It is working fine for basic pptp vpn connections but I would like to use certificate based authentication

My test is running of an active directory domain of EXAMPLE.COM, in which I have set up a Certificate Authority. I've gone through all sorts of documentation but all I can find are documents referring to the web based enrollmend or the domain auto-enrollment. I wan't to use this in such a way that I can create the certficate and export it to file for it to be installed on the client computer manually to allow the VPN connection.

How do I go about this?

Thanks.
0
Mooligan
Asked:
Mooligan
  • 2
  • 2
1 Solution
 
LimeSMJCommented:
It was originally written with ISA server in mind BUT the article gives a step by step on how to set up the EAP-TLS VPN... (Two parts)

http://isaserver.org/tutorials/pptpeaptlspart1.html
http://www.isaserver.org/tutorials/{linebreak - ee_ai_construct}Configuring_the_VPN_Client_and_Server_to_Support_CertificateBased_PPTP_EAPTLS_Authentication__Part_2.html
0
 
MooliganAuthor Commented:
Sorry for the late reply, have been away.

Thanks for the links, but this isn't quite the what I was looking for. I have actually been working with a similar article, only it doesn't use ISA, it provides step by step for pptp as well as EAP-TLS. http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/rmotevpn.mspx

My problem was for remote PC's that are not a member of the domain how they would get the certificate, ideally I wanted a way that it could be created on the CA and exported / emailed to the user. I think I am just going to settle with using the pptp connection that I have already got working and connecting with that, then once connected request a certificate through web enrollment.
0
 
LimeSMJCommented:
The method of using PPTP and getting a cert, is the method that I use to roll out EAP VPN clients that are not in the network.  Hope it works.
0
 
MooliganAuthor Commented:
I have requested this to be closed as original question of how to create certificates for exporting wasn't addressed. Answer is to use pptp to request through web enrollment, also through the web enrollment it provides options for downloading the cert to file which you could apply to a computer remotely afterwards.

I have posted a new question with the error message I am receiving when I try and make my EAP-TLS connection, even after installing the certs as far as I can tell.
http://www.experts-exchange.com/Security/Win_Security/Q_21138966.html

Thanks Guys.
Jason.
0
 
Computer101Commented:
PAQed, with points refunded (500)

Computer101
E-E Admin
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now