Solved

ad certificate services and sstp vpn

Posted on 2010-09-02
7
512 Views
Last Modified: 2012-05-10
Hi
I want to use the AD certificate services to create the key for sstp VPN.

the certificate will like sstp.mydomain.com.

can the client to use this anywhere in the world to get VPN in?

read the MS article , it says only can be use internal
0
Comment
Question by:GordonLiq
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33584602
Each computer which will have imported it into Trusted Root Certificates will be able to use your VPN from everywhere
0
 

Author Comment

by:GordonLiq
ID: 33584618
Sound good, I will have a try.

what about exchange web access ? people may access from any computer and any where.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33584659
it also depends on certificate :) If they have proper one, they should be able :)
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:GordonLiq
ID: 33584847
Do you have any sample of which certificate should be create? that is complex
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33584910
You can find whole process in this Microsoft document. It is very helpful.

http://download.microsoft.com/download/b/1/0/b106fc39-936c-4857-a6ea-3fb9d1f37063/deploying%20sstp%20remote%20access%20step%20by%20step%20guide.doc

Read sections:

- Install Active Directory Certificate Services and Web Server
- Create and install the Server Authentication certificate
- Obtain a trusted root CA certificate

in case of any other questions just let me know
0
 

Author Comment

by:GordonLiq
ID: 33602914
I tried this and failed,

get some major problem ,

the SSL issue are all expired in one year , that means I have to reintall the client's computer each year.
0
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 500 total points
ID: 33606083
You can create your certificate for longer validity period. Just duplicate it to the newer version and the set longer validity time. If certificate will expire you don't have to reinstall each PC, you have to renew the certificate only.
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question