Internal PKI, VPN & Remote Access

Hi all,

I'm considering an Internal CA to facilitate a more secure VPN Remote Access for a handful of users who mainly work away from the office. They will need access to Exchange email and possibly some shares on a file server.

Can I publish CRL and Delta CRL to a web server which is NOT domain joined and resides in a DMZ or even a standalone Azure VM?

If it's possible, any chance of some basic instructions or steps I would need to take to get the Issuing CA to talk to the web server?

Alternatively, is SSTP enough with a public trusted cert?

Or is there a better way altogether?

Thanks for your time; as always, it's appreciated.

Dave
Declaro Asked:
David Johnson, CD, MVP (Owner) Commented:
Create a capolicy.inf and store it in your c:\windows folder before you start. The CA must be able to write to the configured location and the URL must be specified.
0

Declaro (Author) Commented:
Thanks for the info. Apologies for the time taken.

I did implement your answer in a lab and it worked; I have yet to roll it out.

I would award points but don't seem to be able to.

Thank you for taking the time to prepare an answer.

Dave
0
Declaro (Author) Commented:
Thank you
0
David Johnson, CD, MVP (Owner) Commented:
Not a problem. BTW, you can publicly publish your CRL/AIA/OCSPs, as they don't have any secrets to give out.

Some good videos: https://vimeo.com/58110869 https://vimeo.com/35053082
0
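
An added example, not part of the thread and not written by any participant: one way to do what the answers above describe, with the CA writing the CRL and delta CRL to a location it can reach while issued certificates point at a public HTTP URL. The host name `pki.example.com`, the folder `C:\CRLPublish`, the share `\\pki-web.example.com\crl$` and the certificate path are hypothetical.

```powershell
# Added example; run elevated on the issuing CA (domain-joined).
# Hypothetical values: pki.example.com, C:\CRLPublish, \\pki-web.example.com\crl$,
# C:\temp\vpn-user.cer. Replace them with your own.
Import-Module ADCSAdministration

$publishDir = 'C:\CRLPublish'                 # local folder the CA service can write to
$httpBase   = 'http://pki.example.com/crl'    # URL that remote VPN clients can reach
# AD CS name tokens: expanded by the CA for each base and delta CRL it issues.
$crlFile    = '<CAName><CRLNameSuffix><DeltaCRLAllowed>.crl'

New-Item -ItemType Directory -Path $publishDir -Force | Out-Null

# 1. Location the CA writes to (base and delta CRL). Not embedded in certificates.
Add-CACrlDistributionPoint -Uri "$publishDir\$crlFile" `
    -PublishToServer -PublishDeltaToServer -Force

# 2. URL embedded in issued certificates: CDP extension (base CRL) and
#    Freshest CRL extension (delta CRL). The CA never writes to this URL itself.
Add-CACrlDistributionPoint -Uri "$httpBase/$crlFile" `
    -AddToCertificateCdp -AddToFreshestCrl -Force

# 3. Extension changes take effect after a service restart; then issue fresh CRLs.
Restart-Service -Name certsvc
certutil -crl

# 4. Push the files to the standalone web server. Because it is not domain-joined,
#    the CA's computer account has no rights there, so this step uses an explicit
#    local account on the web server (assumption: SMB from the CA to the DMZ host
#    is allowed; any one-way push such as SFTP works equally well).
$cred = Get-Credential -Message 'Local account on the web server with write access'
New-PSDrive -Name PKIWEB -PSProvider FileSystem `
    -Root '\\pki-web.example.com\crl$' -Credential $cred | Out-Null
Copy-Item -Path "$publishDir\*.crl" -Destination 'PKIWEB:\' -Force
Remove-PSDrive -Name PKIWEB

# 5. Verify from a client's point of view with a certificate issued AFTER step 3
#    (certificates issued earlier keep their old CDP). Each CDP should be fetched.
certutil -verify -urlfetch 'C:\temp\vpn-user.cer'

# Note for IIS: delta CRL file names end in '+', which request filtering rejects
# unless allowDoubleEscaping is enabled for the CRL virtual directory.
```

Step 4 has to be repeated, for example from a scheduled task, each time the CA publishes a new CRL or delta CRL; a stale copy on the web server makes revocation checks fail once the old CRL expires.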