Click here to get back home

Issue cert to member of untrusted domain
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Issue cert to member of untrusted domain Jeff Vandervoort 01-28-2006
Posted by Jeff Vandervoort on January 28, 2006, 9:31 am
Please log in for more thread options
 WS2003SP1 Enterprise CA. Setting up an L2TP VPN.

Is it possible for an Enterprise CA to issue a computer cert to a computer
that's a member of an untrusted domain so it can be a client on the L2TP
VPN? How?

TIA

--
Jeff Vandervoort
JRVsystems



Posted by Daniel Mauser on January 28, 2006, 1:26 pm
Please log in for more thread options
 Check this artcile:
http://support.microsoft.com/kb/555281/en-us
There's a section explaining how to request a L2TP/IPSec Certificate to the
Offline Client

Daniel Mauser.


> WS2003SP1 Enterprise CA. Setting up an L2TP VPN.
>
> Is it possible for an Enterprise CA to issue a computer cert to a computer
> that's a member of an untrusted domain so it can be a client on the L2TP
> VPN? How?
>
> TIA
>
> --
> Jeff Vandervoort
> JRVsystems
>



Posted by Jeff Vandervoort on January 28, 2006, 4:27 pm
Please log in for more thread options
Thanks very much, Daniel; this looks like exactly what I need.

--
Jeff Vandervoort
JRVsystems
> Check this artcile:
> http://support.microsoft.com/kb/555281/en-us
> There's a section explaining how to request a L2TP/IPSec Certificate to
> the Offline Client
>
> Daniel Mauser.
>
>
>> WS2003SP1 Enterprise CA. Setting up an L2TP VPN.
>>
>> Is it possible for an Enterprise CA to issue a computer cert to a
>> computer that's a member of an untrusted domain so it can be a client on
>> the L2TP VPN? How?
>>
>> TIA
>>
>> --
>> Jeff Vandervoort
>> JRVsystems
>>
>
>



Posted by Jeff Vandervoort on January 28, 2006, 4:44 pm
Please log in for more thread options
Well, I spoke too soon. Any way to accomplish this with a WS2003 Standard
Edition CA? I'm guessing not, but it's worth asking.

--
Jeff Vandervoort
JRVsystems

> Check this artcile:
> http://support.microsoft.com/kb/555281/en-us
> There's a section explaining how to request a L2TP/IPSec Certificate to
> the Offline Client
>
> Daniel Mauser.
>
>
>> WS2003SP1 Enterprise CA. Setting up an L2TP VPN.
>>
>> Is it possible for an Enterprise CA to issue a computer cert to a
>> computer that's a member of an untrusted domain so it can be a client on
>> the L2TP VPN? How?
>>
>> TIA
>>
>> --
>> Jeff Vandervoort
>> JRVsystems
>>
>
>



Posted by Daniel Mauser on January 28, 2006, 9:00 pm
Please log in for more thread options
Yes. In your case you should install an Enterprise CA to get a best
integration with your 2003 domain and Enterprise CA is supported in Windows
2003 Standard Edition.

In this link below there's a table showing witch features it is available
for Certificate Services in Windows 2003 Standard Edition and Enterprise
Edition.

See: Windows Server 2003 Operating System Needed for Each Procedure

http://www.microsoft.com/technet/security/prodtech/windowsserver2003/build_ent_root_ca.mspx



Daniel Mauser.


> Well, I spoke too soon. Any way to accomplish this with a WS2003 Standard
> Edition CA? I'm guessing not, but it's worth asking.
>
> --
> Jeff Vandervoort
> JRVsystems
>
>> Check this artcile:
>> http://support.microsoft.com/kb/555281/en-us
>> There's a section explaining how to request a L2TP/IPSec Certificate to
>> the Offline Client
>>
>> Daniel Mauser.
>>
>>
>>> WS2003SP1 Enterprise CA. Setting up an L2TP VPN.
>>>
>>> Is it possible for an Enterprise CA to issue a computer cert to a
>>> computer that's a member of an untrusted domain so it can be a client on
>>> the L2TP VPN? How?
>>>
>>> TIA
>>>
>>> --
>>> Jeff Vandervoort
>>> JRVsystems
>>>
>>
>>
>
>



Similar ThreadsPosted
Issue SAN cert for IIS Exchange CAS role November 26, 2007, 1:12 pm
Should our web server be a domain member? April 7, 2006, 2:44 pm
2K3 Cert Svcs gives invalid policy error on OpenSSL gen'd cert req June 4, 2007, 1:56 pm
Requesting Code signing cert from cert services November 4, 2005, 12:11 pm
Request Cert via certificates MMC snapin with CA in parent domain December 6, 2006, 10:44 am
Domain Controllers grabbed Certificates from wrong Cert Authority July 12, 2007, 12:32 pm
Ability to list groups member of a trusted domain is in July 26, 2006, 12:30 pm
W2K3 Member Server unable to resolve domain SIDs October 12, 2006, 11:56 am
plz help to creating a windows server 2003 domain member user April 7, 2007, 3:08 am
How to open LSA API on Win2k in order to determine if a computer is member of domain October 17, 2007, 5:45 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap