Placing a certificate on a non domain server

Guest

I want to establish IPsec commo between a domain member server and a non
domain server.

I established an IPsec connection using a preshared key. But I cannot get
the connection to work using certificates. I have a CA on my domain but I do
not know how to get a computer cert from that CA on my non domain server so
it can be used with IPsec.

When I use certserver for the CA and attempt to obtain an IPsec certificate,
I cannot get into the trust store on the nondomain server.

How do I install a computer certificate for IPsec on a non domain server?
 
Steven L Umbach

Assuming that your CA is an enterprise CA, use Certificate Authority
Management Console to add the ipsec offline template for the CA. Then log on
to the non domain server as a local administrator that has an account in the
AD domain [even temporarily] and use http://mycertauth/certsrv to request
the certificate and be sure to save it to the machine store. You will have
to make an advanced request. You will also have to request the certificate
[public key] of the CA. The link below shows more detailed info. If that
does not work you could also request it locally from a domain computer using
Web Enroll, enter the computer name in the name field and mark private keys
exportable, then request/install, go into the local machine mmc machine
certificate snapin, export it with the private key to a .pfx file that you
could transfer to the non domain computer to install. It may not install
into the computer store this way. If it does not you will have to first open
the mmc certificate computer snapin on the non domain computer, go to the
personal folder, right click and select all tasks/import and point to the
.pfx file. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;253498 -- how to
install an ipsec certificate.
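
The .pfx route described in the answer above, as an added PowerShell example that is not part of the original thread. It assumes a Windows version that ships the PKI module cmdlets, that the domain CA is a root CA (an intermediate CA certificate would go to `Cert:\LocalMachine\CA` instead), and uses placeholder file paths.

```powershell
# Run in an elevated PowerShell session on the non-domain server.
# Both paths are placeholders (assumptions), not values from the thread.
$PfxPath    = 'C:\Temp\ipsec-machine.pfx'   # exported certificate + private key
$CaCertPath = 'C:\Temp\domain-ca.cer'       # the CA's own certificate (public key)

# 1. Trust the issuing CA first, so the machine certificate can chain to it.
Import-Certificate -FilePath $CaCertPath `
                   -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

# 2. Import the .pfx into the computer's Personal store (not the user store).
#    -Exportable is deliberately omitted, so the private key is marked
#    non-exportable on this machine even though it was exportable at the source.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
$cert = Import-PfxCertificate -FilePath $PfxPath `
                              -CertStoreLocation Cert:\LocalMachine\My `
                              -Password $pfxPassword

# 3. IPsec certificate authentication needs the private key on this host.
if (-not $cert.HasPrivateKey) {
    throw "Certificate $($cert.Thumbprint) was imported without its private key."
}

# 4. Build the chain in machine context and report any problem
#    (untrusted root, unreachable revocation list, expired certificate).
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)
if ($chain.Build($cert)) {
    Write-Output "Chain OK for $($cert.Subject), expires $($cert.NotAfter)"
} else {
    foreach ($status in $chain.ChainStatus) {
        Write-Warning "$($status.Status): $($status.StatusInformation.Trim())"
    }
}

# 5. The .pfx holds the private key; remove the transfer copy once imported.
Remove-Item -Path $PfxPath
```

A revocation warning in step 4 usually means the non-domain server cannot reach the CA's CRL distribution point.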
 
