Windows XP Home using L2TP over IPSEC 2x Certificates

Guest
Archived from groups: microsoft.public.windowsxp.security_admin

Hi,

We frequently use VPNs; however, I have a quick question that I'm sure
someone can answer in 2 secs. We can with no problem at all establish
an L2TP over IPSec VPN from a 2K/XP Pro client to a 2K/2K3 Server. Now
it is our practice to incorporate 2 certificates, 1x User + 1x Computer,
from the CA (2K3 DC).

With these 2 certificates L2TP over IPSec works with no probs, but
should we take one away, L2TP cannot authenticate using EAP. This seems
fair enough; however, should we wish to establish a VPN using an XP Home
client, which cannot log onto the domain, we have no probs getting a
user certificate because of course we can use the browser and go to
"\\server\certsrv". But how can we request a computer certificate
without being logged onto the domain, as the CA can't be accessed
through the MMC on the client without being logged on the domain?

To my understanding you can only get a user certificate from
"\\server\certsrv" and not a computer cert.

If anyone can shed some light on this it would be most appreciated.
Perhaps there is a workaround where a computer cert is not needed and
the user cert will be enough? Just an idea.

Many thanks
Yus