ad certificate services and sstp vpn

Hi
I want to use the AD certificate services to create the key for sstp VPN.

the certificate will like sstp.mydomain.com.

can the client to use this anywhere in the world to get VPN in?

read the MS article , it says only can be use internal
GordonLiqAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Krzysztof PytkoSenior Active Directory EngineerCommented:
Each computer which will have imported it into Trusted Root Certificates will be able to use your VPN from everywhere
0
GordonLiqAuthor Commented:
Sound good, I will have a try.

what about exchange web access ? people may access from any computer and any where.
0
Krzysztof PytkoSenior Active Directory EngineerCommented:
it also depends on certificate :) If they have proper one, they should be able :)
0
Introducing the "443 Security Simplified" Podcast

This new podcast puts you inside the minds of leading white-hat hackers and security researchers. Hosts Marc Laliberte and Corey Nachreiner turn complex security concepts into easily understood and actionable insights on the latest cyber security headlines and trends.

GordonLiqAuthor Commented:
Do you have any sample of which certificate should be create? that is complex
0
Krzysztof PytkoSenior Active Directory EngineerCommented:
You can find whole process in this Microsoft document. It is very helpful.

http://download.microsoft.com/download/b/1/0/b106fc39-936c-4857-a6ea-3fb9d1f37063/deploying%20sstp%20remote%20access%20step%20by%20step%20guide.doc

Read sections:

- Install Active Directory Certificate Services and Web Server
- Create and install the Server Authentication certificate
- Obtain a trusted root CA certificate

in case of any other questions just let me know
0
GordonLiqAuthor Commented:
I tried this and failed,

get some major problem ,

the SSL issue are all expired in one year , that means I have to reintall the client's computer each year.
0
Krzysztof PytkoSenior Active Directory EngineerCommented:
You can create your certificate for longer validity period. Just duplicate it to the newer version and the set longer validity time. If certificate will expire you don't have to reinstall each PC, you have to renew the certificate only.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SSL / HTTPS

From novice to tech pro — start learning today.