
I am trying to implement remote client access using L2TP/IPSec VPN for both domain members and non-members. Domain members are fine and working OK, but I am having trouble issuing a certificate to the non-domain members.

I believe I must be looking at issuing the computer certs via web enrollment, so I have made a duplicate of the Computer template and changed the Subject Name setting to 'Supply in the request', since I am assuming that trying to build it from AD is pointless for a non-member.

Problem is, when I try to create a New > 'Certificate Template to Issue', my new template is not showing in the list, nor is the template showing in the web enrollment site.

I have a feeling I am missing something simple. I am using an Enterprise Admin account when using the CA MMC, and my Enterprise CA is running on a Server 2003 R2 Std machine.

Any suggestions as to what I might be missing/doing wrong? Thanks in advance...

maweeras
Tony Blunt
  • Actually just dug a bit further and found that this is a limitation of 2003 *Std*. See Link : http://serverfault.com/questions/252544/missing-certificate-template-from-certificate-to-issue Back to the drawing board then :( – Tony Blunt Nov 09 '11 at 14:04

1 Answer

The New > Cert to Issue thing, you just have to wait 5 minutes for AD to catch up.

You are correct that you can't issue certs that are based on AD information to non-AD members. You can use the Web Interface, CA Management Console, certutil, or PowerShell to process the CSRs.

Note: The above requires Enterprise or DC versions of Windows Server. Standard or SBS will not work.

Chris S
  • Thanks Chris. You have confirmed what I feared - standard edition being a no-go. Looks like I'll have to go and ask for money to buy an enterprise licence :( – Tony Blunt Nov 09 '11 at 14:53
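The CSR route mentioned in the answer, sketched with `certreq` and `certutil` as an added example that is not part of the original posts. It assumes a CA edition that can issue the duplicated template (per the answer's note); the host name, template name, CA config string and file names are hypothetical placeholders.

```powershell
# Added example. All names below are hypothetical placeholders.
$fqdn     = 'laptop01.example.test'          # non-domain client name
$template = 'VPNComputerOffline'             # duplicated Computer template ("Supply in the request")
$caConfig = 'ca01.example.test\Example-CA'   # "host\CA name" config string

# Step 1 (non-domain client, elevated prompt): generate the key pair and CSR.
# The private key is created in the machine store and never leaves the client.
$inf = @"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "CN=$fqdn"
KeyLength = 2048
KeySpec = 1
KeyUsage = 0xa0
MachineKeySet = TRUE
Exportable = FALSE
RequestType = PKCS10
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12

[EnhancedKeyUsageExtension]
; Client Authentication and IP security IKE intermediate
OID = 1.3.6.1.5.5.7.3.2
OID = 1.3.6.1.5.5.8.2.2
"@
Set-Content -Path .\vpn.inf -Value $inf -Encoding ASCII
certreq -new .\vpn.inf .\vpn.req

# Step 2 (domain-joined admin workstation): inspect the CSR before submitting it.
# With "Supply in the request" the CA accepts whatever subject the CSR carries,
# so check that the subject matches the machine you intend to enroll.
certutil -dump .\vpn.req
certreq -submit -config $caConfig -attrib "CertificateTemplate:$template" .\vpn.req .\vpn.cer

# Step 3 (back on the client, elevated): trust the issuing root, then bind the
# issued certificate to the pending private key in the machine store.
certutil -addstore -f Root .\rootca.cer      # rootca.cer: exported CA root (hypothetical file name)
certreq -accept .\vpn.cer
```

Restricting Enroll permission on the template to the administrators who submit these requests keeps the supplied subject from being usable by arbitrary requesters.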