How to install a computer certificate for L2TP/IPSec VPN

When you use Layer Two Tunneling Protocol (L2TP) for remote access or router-to-router VPN connections, computer certificates must be installed on both the VPN server and the remote access client (for remote access connections), or on both the calling router and the answering router (for router-to-router VPN connections).

To install a computer certificate, a certificate authority must be present to issue certificates. Once the certificate authority is configured, you can install a certificate in two different ways:

  • By configuring the automatic allocation of computer certificates to computers in a Windows 2000 domain.
  • By using Certificate Manager to obtain a computer certificate.

Depending on the certificate policies in your organization, you need to use only one of these two methods.

To configure a certificate authority and install the computer certificate, perform the following steps:

  1. Install the Windows 2000 Certificate Services component as an enterprise root certificate authority (CA). This step is only necessary if you do not already have an enterprise root CA.
    1. If necessary, promote the computer that will be a CA to a domain controller (DC). For more information, see "To install a domain controller".
    2. Install the Windows 2000 Certificate Services component as an enterprise root CA. For more information, see "To install an enterprise root certification authority".
  2. To auto-enroll machine certificates, configure the Windows 2000 domain. For more information, see "To configure automatic certificate allocation from an enterprise CA".

To create a computer certificate for the VPN server (or for any other computer) that is a member of the domain for which auto-enrollment is configured, restart the computer or type secedit /refreshpolicy machine_policy at a Windows 2000 command prompt.

To manually enroll machine certificates, use Certificate Manager to install the CA root certificate. For more information, see "To manage certificates for a computer" and "To request a certificate".
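
After either enrollment path, it is worth confirming that the computer really holds a certificate it can present for L2TP/IPSec. The PowerShell check below is an added example, not part of the original article; it assumes a Windows version that includes PowerShell (Windows 2000 does not), and the function name Test-MachineCertificate is hypothetical.

```powershell
# Added example: audit the local computer certificate store on an L2TP/IPSec peer.
# Assumption: run in an elevated Windows PowerShell session on the VPN server,
# the client, or the router. Test-MachineCertificate is a hypothetical helper name.
function Test-MachineCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )

    $now = Get-Date

    # $true = use the machine context, so only roots trusted by the computer
    # (not by the logged-on user) are accepted when the chain is built.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true

    # Revocation checking is skipped here so the check also runs offline.
    # Set it to Online for a full audit when the CRL location is reachable.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck

    # Build() returns $false when no path to a trusted root CA exists,
    # for example when the CA root certificate was never installed.
    $trusted = $chain.Build($Certificate)

    [pscustomobject]@{
        Subject       = $Certificate.Subject
        Issuer        = $Certificate.Issuer
        NotAfter      = $Certificate.NotAfter
        HasPrivateKey = $Certificate.HasPrivateKey
        InValidity    = ($now -ge $Certificate.NotBefore -and $now -le $Certificate.NotAfter)
        ChainTrusted  = $trusted
        ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# Computer certificates live in the Personal store of the local computer.
$results = Get-ChildItem -Path Cert:\LocalMachine\My |
    ForEach-Object { Test-MachineCertificate -Certificate $_ }

$results | Format-Table -AutoSize

# A certificate is only useful to the peer if all three conditions hold.
$usable = $results | Where-Object { $_.HasPrivateKey -and $_.InValidity -and $_.ChainTrusted }
if (-not $usable) {
    Write-Warning 'No computer certificate with a private key, a current validity period and a trusted chain was found.'
}
```

An empty table means enrollment has not produced a certificate yet; a row with ChainTrusted set to False usually points to a missing CA root certificate on that computer.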

Copyright © 2002-2018 ChicagoTech.net, All rights reserved. Unauthorized reproduction forbidden.