Using Certificates with IPSEC

G

Guest

How do you implement IPSEC using Certificates? Right now I have it set up
with Kerberos. Does the Client/Server have to have each others Certificate,
etc?
 
B

Brian Komar

How do you implement IPSEC using Certificates? Right now I have it set up
with Kerberos. Does the Client/Server have to have each others Certificate,
etc?
Click to expand...
Both endpoints (computers) must have a certificate that chains to the
same root CA, or to CAs that are trusted by the opposite endpoint.

Brian
 
B

Brian Komar

What is the process of trusting other computers for IPSEC using Certificates?
Click to expand...
1) You have to deploy the certificates to the two endpoint computers
2) Change the authentication method for the IP Security Rule to
certificates, rather than Kerberos or pre-shared keys. When you
designate the certificate on the AUthentication Methods tab, you then
designate the root CA certificate that must be used.

Correcting myself, you must use the same root CA on both ends. The CA
can be different CAs that chain to the same root CA.

Brian
 
L

Louise Bowman [MSFT]

One more thing:
Make sure the certs are machine certs and not user certs.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Windows 2000 & Mandrake MNF 2
ipsec with certificates ..... 1
Placing a certificate on a non domain server 1
Certificates for VPN Connection 1
Should I install Certificate Authority to solve these problems ? 4
ipsec w/certificates 3
Configuring IPsec with IKE authentication with self signed certificates 1
Accessing Standalone Wink3 Server from XP Workstations 2

Top