Either you generate a CSR or have them generate a CSR (a certificate request file). Submit this manually to your PKI server. Get the resulting pfx file to the remote user in some kind of secure way.
Cheers Ken From: Todd Arnett [mailto:[email protected]] Sent: Tuesday, 22 March 2011 1:48 AM To: NT System Admin Issues Subject: Certificate Authentication with VPNs We are currently looking to deploy an L2TP/IPSEC VPN server using RRAS in 2008 R2 with the following goals: * Two factor authentication * A protocol and Authentication method that is supported on apple products, particularly iPads (I know, *deep sigh*) * Some type of machine authentication I'm fairly new to RRAS. However, from my reading I understand that this will probably be configured to use IPSEC/L2TP using the certificate to do Machine Authentication and username/password to do user authentication. I have an XP machine setup and working in this scenario. However, how do you handle generating certificates for a machine that is not on the domain or even network for that matter? Such as a remote person's ipads or vendors that require VPN access? Thanks in advance for any thoughts, ideas, suggestion. Like I said, this is my first dive into this stuff at this level, and I'll take any advice I can get. Thanks, Todd ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
