Internal PKI, VPN & Remote Access

Hi all,

I'm considering an Internal CA to facilitate a more secure VPN Remote Access for a handful of users who mainly work away from the office. They will need access to Exchange email and possibly some shares on a file server.

Can I publish CRL and Delta CRL to a web server which is NOT domain joined and resides in a DMZ or even a standalone Azure VM?

If it's possible, any chance of some basic instructions or steps I would need to take to get the Issuing CA to talk to the Web server?

Alternatively, is SSTP enough with a public trusted cert?

Or is there a better way altogether?

Thanks for your time, as always, it's appreciated.

Dave
Asked by: Declaro
 
David Johnson, CD, MVP (Owner) commented:
Create a capolicy.inf and store it in your c:\windows folder before you start. The CA must be able to write to the configured location and the URL must be specified.
 
Declaro (Author) commented:
Thanks for the info. Apologies for the time taken.

I did implement your answer in a lab and it worked, but have yet to roll it out.

I would award points but don't seem to be able to.

Thank you for taking the time to prepare an answer

Dave
 
Declaro (Author) commented:
Thank you
 
David Johnson, CD, MVP (Owner) commented:
Not a problem. BTW, you can publish your CRL/AIA/OCSPs publicly, as they don't have any secrets to give out.

Some good videos https://vimeo.com/58110869 https://vimeo.com/35053082
Question has a verified solution.
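
One way to set up the CRL and delta CRL publication discussed in this thread, as an added example that is not from either poster. It uses the ADCSAdministration cmdlets on an already installed issuing CA rather than CAPolicy.inf; `pki.example.com`, the `pki$` share and the copy step are assumptions.

```powershell
# Added example: run in an elevated session on the issuing CA.
# Host names and the share below are placeholders, not values from the thread.
Import-Module ADCSAdministration

$HttpBase  = 'http://pki.example.com/pki'              # assumption: URL the DMZ/Azure web server answers on
$LocalDrop = 'C:\Windows\System32\CertSrv\CertEnroll'  # local folder the CA service can write to
$WebDrop   = '\\pki-web.example.com\pki$'              # assumption: share that backs $HttpBase

# 1. Remove the default CDP entries (ldap://, file://, http://<CA host>/...) so
#    issued certificates do not point remote clients at internal-only locations.
foreach ($cdp in (Get-CACrlDistributionPoint)) {
    Remove-CACrlDistributionPoint -Uri $cdp.Uri -Force
}

# 2. Location the CA writes to: base and delta CRLs are published here.
Add-CACrlDistributionPoint -Force -PublishToServer -PublishDeltaToServer `
    -Uri "$LocalDrop\<CAName><CRLNameSuffix><DeltaCRLAllowed>.crl"

# 3. URL clients read from: embedded in issued certificates (CDP) and in
#    base CRLs (Freshest CRL) so clients can locate the delta CRL.
Add-CACrlDistributionPoint -Force -AddToCertificateCdp -AddToFreshestCrl `
    -Uri "$HttpBase/<CAName><CRLNameSuffix><DeltaCRLAllowed>.crl"

# 4. The new publication settings take effect after a service restart;
#    then issue a fresh base and delta CRL.
Restart-Service -Name CertSvc
certutil.exe -CRL
if ($LASTEXITCODE -ne 0) { throw "certutil -CRL failed with exit code $LASTEXITCODE" }

# 5. Push the CRL files to the standalone web server. Assumes this session
#    already holds credentials that can write to the share (for a workgroup
#    server, a local account on it). The CA pushes outbound; the web server
#    needs no access back into the internal network.
Copy-Item -Path (Join-Path $LocalDrop '*.crl') -Destination $WebDrop -Force
```

Delta CRL file names end in `+`, which IIS request filtering rejects unless `allowDoubleEscaping` is enabled for the site serving them. Step 5 has to be repeated after every CRL publication (for example from a scheduled task), otherwise clients will fetch an expired CRL and revocation checking will fail.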