  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 532

AD Certificate Services and SSTP VPN

Hi,
I want to use AD Certificate Services to create the key for SSTP VPN.

The certificate will be like sstp.mydomain.com.

Can the client use this anywhere in the world to get VPN in?

I read the MS article; it says it can only be used internally.
Asked by: GordonLiq
1 Solution
 
Krzysztof Pytko (Active Directory Engineer) Commented:
Each computer that has imported it into Trusted Root Certificates will be able to use your VPN from everywhere.
 
GordonLiq (Author) Commented:
Sounds good, I will have a try.

What about Exchange web access? People may access it from any computer and anywhere.
 
Krzysztof Pytko (Active Directory Engineer) Commented:
It also depends on the certificate :) If they have the proper one, they should be able to :)
 
GordonLiq (Author) Commented:
Do you have any sample of which certificate should be created? That is complex.
 
Krzysztof Pytko (Active Directory Engineer) Commented:
You can find the whole process in this Microsoft document. It is very helpful.

http://download.microsoft.com/download/b/1/0/b106fc39-936c-4857-a6ea-3fb9d1f37063/deploying%20sstp%20remote%20access%20step%20by%20step%20guide.doc

Read sections:

- Install Active Directory Certificate Services and Web Server
- Create and install the Server Authentication certificate
- Obtain a trusted root CA certificate

In case of any other questions, just let me know.
 
GordonLiq (Author) Commented:
I tried this and failed.

I got a major problem:

the SSL certificates issued all expire in one year, which means I have to reinstall the client's computer each year.
 
Krzysztof Pytko (Active Directory Engineer) Commented:
You can create your certificate with a longer validity period. Just duplicate it to the newer version and then set a longer validity time. If the certificate expires, you don't have to reinstall each PC; you only have to renew the certificate.
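The thread turns on three properties of the SSTP server certificate: the host name clients dial, a chain ending in a root the client has imported, and the remaining validity. The PowerShell below is an added example that checks them; it is not part of the original thread or the linked Microsoft guide. `Test-SstpCertificate` is a hypothetical helper name, the sample certificate is constructed in memory in place of one issued by AD CS, and the script assumes PowerShell 7 or Windows PowerShell 5.1 with .NET Framework 4.7.2 or later.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Hypothetical helper (not a built-in cmdlet): checks the properties the thread turns on.
function Test-SstpCertificate {
    param(
        [Parameter(Mandatory)] [X509Certificate2] $Certificate,
        [Parameter(Mandatory)] [string] $VpnHostName,
        [int] $WarnDays = 30
    )
    # 1. The name clients dial must match the certificate (SAN DNS name, else subject CN).
    #    Simplification: only one name is compared and wildcards are not expanded.
    $dnsName = $Certificate.GetNameInfo([X509NameType]::DnsName, $false)

    # 2. The certificate must allow Server Authentication (EKU OID 1.3.6.1.5.5.7.3.1).
    $eku = $Certificate.Extensions | Where-Object { $_ -is [X509EnhancedKeyUsageExtension] }
    $serverAuth = [bool]($eku -and ($eku.EnhancedKeyUsages | Where-Object Value -eq '1.3.6.1.5.5.7.3.1'))

    # 3. The chain must end in a root this machine trusts, i.e. the CA certificate has been
    #    imported into Trusted Root Certification Authorities. Revocation lookups are
    #    skipped here only so the example runs offline.
    $chain = [X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = [X509RevocationMode]::NoCheck
    $trusted = $chain.Build($Certificate)

    # 4. Remaining validity, so renewal is scheduled before clients start failing.
    $daysLeft = [int][math]::Floor(($Certificate.NotAfter - (Get-Date)).TotalDays)

    [pscustomobject]@{
        NameMatches   = ($dnsName -eq $VpnHostName)
        ServerAuthEku = $serverAuth
        ChainTrusted  = $trusted
        ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        DaysLeft      = $daysLeft
        RenewSoon     = ($daysLeft -le $WarnDays)
    }
}

# Constructed sample: an in-memory self-signed certificate standing in for one issued by AD CS.
$rsa  = [RSA]::Create(2048)
$req  = [CertificateRequest]::new('CN=sstp.mydomain.com', $rsa,
            [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$oids = [OidCollection]::new()
[void]$oids.Add([Oid]::new('1.3.6.1.5.5.7.3.1'))
$req.CertificateExtensions.Add([X509EnhancedKeyUsageExtension]::new($oids, $false))
$sample = $req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddDays(365))

# The sample's issuer is not in the local root store, which is the case check 3 surfaces.
Test-SstpCertificate -Certificate $sample -VpnHostName 'sstp.mydomain.com'
```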
