

Cannot get Certificates working for VPN L2TP IPSec Server and Client

Posted on 2004-11-19
Medium Priority
Last Modified: 2013-12-04
I have a remote Windows 2003 Server configured as a VPN server, through RRAS. It is also a Standalone Root CA and has IIS installed. It is not in a domain so AD is not installed.

I have VPN working through PPTP but needed to connect multiple clients from behind a NAT firewall, so am migrating to L2TP and IPSec. I have tested the system OK, using pre-shared keys but cannot get the certificate part to work.

On the client XP computer, using web enrollment, I have installed a client authorisation cert and an IPSec cert to the local machine store. Are these the right certs to install, and what certs (if any) do I need to install on the VPN server?

On the client VPN connection properties, security tab, I have selected Advanced and configured the settings to use EAP "Smart Card or other Certificate", properties to use a certificate on this computer, simple certificate selection, and de-selected validate server certificate (because I didn't understand the options...).

Hope this is enough info for someone to help?
Question by: CrossMouse

Author Comment

ID: 12633477
I've now resolved this issue myself and the answer is:

Install an IPSec certificate for the local machine store on the VPN server

Install an IPSec certificate for the local machine store on the client PC

Export the issuing CA cert to a file on the client PC and then import it to the Trusted Root CA certificates folder. Note that other articles will say that there is a red cross next to the issuing CA on the client machine, before you have added it to the Trusted folder, but I did not find this to be the case.

To view installed certs: Start, Run, mmc, Enter, Add Certificates, computer account NOT local user.

Hope this may help someone else...
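
The checks described in the comment above (an IPSec certificate in the local machine store, and the issuing CA trusted by the computer account rather than the user) can be scripted. This is an added example, not part of the original thread; it assumes PowerShell 3.0 or later and that the IPSec certificate carries the "IP security IKE intermediate" EKU (OID 1.3.6.1.5.5.8.2.2). The function name is hypothetical.

```powershell
# Added example: audit the machine store for a usable IPSec certificate.
# Assumption: the IPSec certificate carries the "IP security IKE intermediate"
# EKU, OID 1.3.6.1.5.5.8.2.2.
$IkeIntermediateOid = '1.3.6.1.5.5.8.2.2'

function Test-IPSecMachineCert {
    param([string]$StorePath = 'Cert:\LocalMachine\My')

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # Collect the EKU OIDs present on this certificate (may be none).
        $ekus = @($cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.Value })
        if ($ekus -notcontains $IkeIntermediateOid) { continue }

        # $true = build the chain in the machine context, so a CA certificate
        # imported only into the current user's Trusted Root store does not count.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
        $trusted = $chain.Build($cert)

        [pscustomobject]@{
            Subject       = $cert.Subject
            Issuer        = $cert.Issuer
            NotAfter      = $cert.NotAfter
            HasPrivateKey = $cert.HasPrivateKey   # must be True for IKE authentication
            ChainTrusted  = $trusted
            # UntrustedRoot here means the issuing CA certificate is missing
            # from the computer account's Trusted Root store.
            ChainErrors   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        }
    }
}

Test-IPSecMachineCert | Format-List
```

Run it from an elevated prompt on both the VPN server and the client. No output means no certificate with that EKU is in the machine store; revocation errors in `ChainErrors` indicate the CA's CRL location is not reachable from that machine.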

Accepted Solution

modulo earned 0 total points
ID: 14114463
PAQed with points refunded (250)

Community Support Moderator
