Create a computer certificate for non-connected machine?

Guest
Archived from groups: microsoft.public.win2000.security

Here's my scenario: We're doing L2TP VPNs, and we have a very well
functional internal PKI set up (doing EAP-TLS for internal wireless, so
it's well tested).

In doing L2TP VPNs, we need to get certificates on the clients--a User
level certificate stored in the local computer store. That's easy, we
do it with autoenrollment and a GPO on the domain.

However, I have 2 clients that are not part of my domain that need to
get a computer certificate. I can get them the certs for my Root and
issuing certificate authorities, that's easy, but how in the world do
I get them a computer certificate?

Please note, they are completely disconnected. Our Certificate server
is not reachable from the outside world, nor are these computers going
to be toted into the office to be on my network anytime soon. I'm not
doing PPTP to get them in without certificates to make the request.
How can I make a request on their behalf and export something that I
can send via floppy or USB? We're not ready to do smartcards yet.

Gratzi

Edd
 
Guest
Archived from groups: microsoft.public.win2000.security

Eddie,

I answered in microsoft.public.security

Try to avoid multi posting (it's hard to follow up). Use cross posting (in
newsgroups field enter more than one group at a time).

Mike

"Eddie Wedensworth" <auto3545@hushmail.com> wrote in message
news:9d76f9da.0408231136.257ed756@posting.google.com...
> Here's my scenario: We're doing L2TP VPNs, and we have a very well
> functional internal PKI set up (doing EAP-TLS for internal wireless, so
> it's well tested).
>
> In doing L2TP VPNs, we need to get certificates on the clients--a User
> level certificate stored in the local computer store. That's easy, we
> do it with autoenrollment and a GPO on the domain.
>
> However, I have 2 clients that are not part of my domain that need to
> get a computer certificate. I can get them the certs for my Root and
> issuing certificate authorities, that's easy, but how in the world do
> I get them a computer certificate?
>
> Please note, they are completely disconnected. Our Certificate server
> is not reachable from the outside world, nor are these computers going
> to be toted into the office to be on my network anytime soon. I'm not
> doing PPTP to get them in without certificates to make the request.
> How can I make a request on their behalf and export something that I
> can send via floppy or USB? We're not ready to do smartcards yet.
>
> Gratzi
>
> Edd