Placing a certificate on a non domain server

Archived from groups: microsoft.public.win2000.security (More info?)

I want to establish IPsec commo between a domain member server and a non
domain server.

I established an EPsec connection using a pershared key. But I cannot get
the connection to work using certificates. I have a CA on my domain but I do
not know how to get a computer cert from that CA on my non domain server so
it can be used with IPsec.

When I use certserver for the CA and attempt to obtain an IPsec certificate,
I cannot get into the trust store on the nondomain server.

How do I install a computer certificate for IPsec on a non domain server?
--
7TA9241
1 answer Last reply
More about placing certificate domain server
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    Assuming that your CA is an enterprise CA, use Certificate Authority
    Management Console to add the ipsec offline template for the CA. Then logon
    to the non domain server as a local administrator that has an account in the
    AD domain [even temporarily] and use http://mycertauth/certsrv to request
    the certificate and be sure to save it to the machine store. You will have
    to make an advanced request. You will also have to request the certificate
    [public key] of the CA. The link below shows more detailed info. If that
    does not work you could also request it locally from a domain computer using
    Web Enroll, enter the computer name in the name field and mark private keys
    exportable, then request/install, go into the local machine mmc machine
    certificate snapin, export it with the private key to a .pfx file that you
    could transfer to the non domain computer to install. It may not install
    into the computer store this way. If it does not you will have to first open
    the mmc certificate computer snapin on the non domain computer go to the
    personal folder, right click and select all tasks/import and point to the
    ..pfx file. --- Steve

    http://support.microsoft.com/default.aspx?scid=kb;en-us;253498 -- how to
    install an ipsec certificate.

    "mwebb" <mwebb@discussions.microsoft.com> wrote in message
    news:D785BDE1-2FEE-4A12-8521-E15F4A3B44DC@microsoft.com...
    >I want to establish IPsec commo between a domain member server and a non
    > domain server.
    >
    > I established an EPsec connection using a pershared key. But I cannot get
    > the connection to work using certificates. I have a CA on my domain but I
    > do
    > not know how to get a computer cert from that CA on my non domain server
    > so
    > it can be used with IPsec.
    >
    > When I use certserver for the CA and attempt to obtain an IPsec
    > certificate,
    > I cannot get into the trust store on the nondomain server.
    >
    > How do I install a computer certificate for IPsec on a non domain server?
    > --
    > 7TA9241
Ask a new question

Read More

Domain Certificate Servers Windows