User Certificates question (No AD)

Guest

Hi folks,

We have the following:
Win2k3 Enterprise as Stand-alone CA, RRAS configured with L2TP ports RAS only and this box is a member server of an NT 4.0 domain structure (no AD installed).

We are able to use the VPN with computer certificates without problems, but in order to improve security, we would like to use USER certificates instead. When opening the page to request a certificate, the only options are: web browser cert, e-mail cert and adv cert request. There's no user certificate option.

We have searched the net to try to find a solution, but almost all of the environments involve AD and ISA server. Most of the articles from TacTeam.

Is there a way to use, in an environment like ours, user certificates?

Thanks in advance,

Álvaro Motta
 
Manjari Bonam [MSFT]

You need to change the setup of the CA to be able to issue the user certs
for authentication.

Then you will be able to download them and use.

--
- Manjari
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Guest

Hi Manjari,

Thank you very much for your quick reply.
I played a little bit with the CA snap-in, but wasn't able to find where this setting has to be changed.

Some light?

Thanks again,

AL


Manjari Bonam [MSFT]

You should create the templates at
Administrative Tools -> CA
Right click Certificate templates
select Manage
Based on the need click on "Computer"/"User"/"Subordinate CA"/"Duplicate
Certificate"... Here you need "User"
Change the configuration on different tabs.
Click Ok and you are ready with a template.

Now when you go to the web to request the certificates, the new one will
appear and you can get a certificate to allow the needed.

--
- Manjari
This posting is provided "AS IS" with no warranties, and confers no rights.