Archived from groups: microsoft.public.win2000.security

How do you implement IPSEC using Certificates? Right now I have it set up
with Kerberos. Does the Client/Server have to have each other's Certificate,
etc?

In article <FAD1D514-2475-41A9-8081-D1C35E4B9146@microsoft.com>,
Scotty@discussions.microsoft.com says...
> How do you implement IPSEC using Certificates? Right now I have it set up
> with Kerberos. Does the Client/Server have to have each other's Certificate,
> etc?
>
Both endpoints (computers) must have a certificate that chains to the
same root CA, or to CAs that are trusted by the opposite endpoint.

Brian

What is the process of trusting other computers for IPSEC using Certificates?

"Brian Komar" wrote:

> In article <FAD1D514-2475-41A9-8081-D1C35E4B9146@microsoft.com>,
> Scotty@discussions.microsoft.com says...
> > How do you implement IPSEC using Certificates? Right now I have it set up
> > with Kerberos. Does the Client/Server have to have each other's Certificate,
> > etc?
> >
> Both endpoints (computers) must have a certificate that chains to the
> same root CA, or to CAs that are trusted by the opposite endpoint.
>
> Brian
>

In article <3922BF52-8930-4BC0-80E2-490DEED7D733@microsoft.com>,
Scotty@discussions.microsoft.com says...
> What is the process of trusting other computers for IPSEC using Certificates?
>
> "Brian Komar" wrote:
>
> > In article <FAD1D514-2475-41A9-8081-D1C35E4B9146@microsoft.com>,
> > Scotty@discussions.microsoft.com says...
> > > How do you implement IPSEC using Certificates? Right now I have it set up
> > > with Kerberos. Does the Client/Server have to have each other's Certificate,
> > > etc?
> > >
> > Both endpoints (computers) must have a certificate that chains to the
> > same root CA, or to CAs that are trusted by the opposite endpoint.
> >
> > Brian
> >
>
1) You have to deploy the certificates to the two endpoint computers
2) Change the authentication method for the IP Security Rule to
certificates, rather than Kerberos or pre-shared keys. When you
designate the certificate on the Authentication Methods tab, you then
designate the root CA certificate that must be used.

Correcting myself, you must use the same root CA on both ends. The CA
can be different CAs that chain to the same root CA.

Brian

One more thing:
Make sure the certs are machine certs and not user certs.

--
Louise Bowman
(MSFT)
This posting is provided "AS IS" with no warranties, and confers no rights.
"Brian Komar" <bkomar@nospam.identit.ca> wrote in message
news:MPG.1c64744c3faedf529896c2@msnews.microsoft.com...
> In article <3922BF52-8930-4BC0-80E2-490DEED7D733@microsoft.com>,
> Scotty@discussions.microsoft.com says...
> > What is the process of trusting other computers for IPSEC using Certificates?
> >
> > "Brian Komar" wrote:
> >
> > > In article <FAD1D514-2475-41A9-8081-D1C35E4B9146@microsoft.com>,
> > > Scotty@discussions.microsoft.com says...
> > > > How do you implement IPSEC using Certificates? Right now I have it set up
> > > > with Kerberos. Does the Client/Server have to have each other's Certificate,
> > > > etc?
> > > >
> > > Both endpoints (computers) must have a certificate that chains to the
> > > same root CA, or to CAs that are trusted by the opposite endpoint.
> > >
> > > Brian
> > >
> >
> 1) You have to deploy the certificates to the two endpoint computers
> 2) Change the authentication method for the IP Security Rule to
> certificates, rather than Kerberos or pre-shared keys. When you
> designate the certificate on the Authentication Methods tab, you then
> designate the root CA certificate that must be used.
>
> Correcting myself, you must use the same root CA on both ends. The CA
> can be different CAs that chain to the same root CA.
>
> Brian
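
The requirements stated in this thread (a machine certificate, not a user certificate, on each endpoint, chaining to the same root CA that the IP Security rule designates) can be checked on each endpoint before switching the rule away from Kerberos. The script below is an added example, not part of the original posts; it assumes a system with Windows PowerShell 3.0 or later, and the `$RootThumbprint` parameter is a hypothetical name for the thumbprint of the designated root CA, supplied by the administrator.

```powershell
# Added example: list certificates in the computer store that satisfy the
# thread's conditions for IPsec certificate authentication.
param(
    [Parameter(Mandatory = $true)]
    [string]$RootThumbprint   # assumption: thumbprint of the root CA named in the rule
)

# Normalise the thumbprint (strip spaces or colons pasted from the certificate UI)
$wanted = ($RootThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

# Only Cert:\LocalMachine\My is examined: these are machine certificates.
# Certificates under Cert:\CurrentUser\My are user certificates and are ignored.
$results = foreach ($cert in Get-ChildItem -Path Cert:\LocalMachine\My) {
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Revocation checking is turned off so the audit also runs offline;
    # this is a choice made for the example, not a recommendation for the rule.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $built = $chain.Build($cert)   # $false if the chain is incomplete or untrusted

    # The last chain element is the top of the path that could be built.
    # Treat it as a root only if it is self-issued (subject equals issuer).
    $rootThumb = $null
    if ($chain.ChainElements.Count -gt 0) {
        $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
        if ($top.Subject -eq $top.Issuer) { $rootThumb = $top.Thumbprint }
    }

    [pscustomobject]@{
        Subject       = $cert.Subject
        Issuer        = $cert.Issuer        # issuing CAs may differ between endpoints
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey # needed to authenticate as this machine
        ChainValid    = $built
        RootMatches   = ($rootThumb -eq $wanted)
        Usable        = ($built -and $cert.HasPrivateKey -and ($rootThumb -eq $wanted))
    }
    $chain.Reset()
}

if (-not $results) {
    Write-Warning 'No certificates found in Cert:\LocalMachine\My.'
} else {
    $results | Sort-Object Usable -Descending | Format-Table -AutoSize
}
```

Run it on both endpoints with the same thumbprint; each should report at least one row with `Usable` set to `True`.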
