The Vista client needs to have SP1 installed before you get started. This might sound like a strange way to get things started, as I normally suggest that you never put a Web server on a network security device.
The good news is that we do not need to keep the Web server on the VPN server; we just need to use it for a little while. The reason for this is that the Web enrollment site included with the Windows Server Certificate Server is no longer very useful for requesting computer certificates. In fact, it is no use at all.
What is interesting about this is that you can still try to get a computer certificate using the Web enrollment site, and it will look like it was installed, but in fact, the certificate is not installed. To solve this problem, we will take advantage of the fact that we are using an enterprise CA.
When using an Enterprise CA, you can make a request to an online certificate server. The online request for a computer certificate is allowed when you use the IIS Certificate Request Wizard and request what they now call a "Domain Certificate". This only works when the machine requesting the certificate belongs to the same domain as the Enterprise CA. The next step is to request a machine certificate for the VPN server.
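Because a request can appear to succeed without the certificate actually landing in the computer store, it is worth checking the store directly once the wizard finishes. The following is an added example, not code from the original article: `Get-MachineServerCert` is a hypothetical helper name, and it assumes PowerShell 2.0 or later in an elevated session on the VPN server and that the issued certificate carries the Server Authentication EKU.

```powershell
# Added example (not from the original article). Get-MachineServerCert is a
# hypothetical helper name. Run elevated on the VPN server, PowerShell 2.0+.
$EkuExtensionOid = '2.5.29.37'          # Enhanced Key Usage extension
$ServerAuthOid   = '1.3.6.1.5.5.7.3.1'  # Server Authentication (assumed EKU of the issued cert)

function Get-MachineServerCert {
    $now = Get-Date
    foreach ($cert in Get-ChildItem -Path Cert:\LocalMachine\My) {
        # Collect the EKU OIDs; a certificate with no EKU extension yields an empty list.
        $ekus = @()
        foreach ($ext in $cert.Extensions) {
            if ($ext.Oid.Value -eq $EkuExtensionOid) {
                $eku = New-Object System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension -ArgumentList $ext, $ext.Critical
                $ekus += @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
            }
        }
        New-Object PSObject -Property @{
            Subject       = $cert.Subject
            Issuer        = $cert.Issuer
            Thumbprint    = $cert.Thumbprint
            NotAfter      = $cert.NotAfter
            HasPrivateKey = $cert.HasPrivateKey
            InValidity    = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
            ServerAuth    = ($ekus -contains $ServerAuthOid)
        }
    }
}

$certs  = @(Get-MachineServerCert)
$usable = @($certs | Where-Object { $_.HasPrivateKey -and $_.InValidity -and $_.ServerAuth })

if ($certs.Count -eq 0) {
    # The failure described above: the request looked fine but nothing was installed.
    Write-Warning 'Local Computer\Personal store is empty: the request did not install a certificate.'
} elseif ($usable.Count -eq 0) {
    Write-Warning 'Certificates exist, but none has a private key, a valid date range and the Server Authentication EKU.'
    $certs | Format-List Subject, Issuer, NotAfter, HasPrivateKey, InValidity, ServerAuth
} else {
    $usable | Format-List Subject, Issuer, Thumbprint, NotAfter
}
```

A certificate that shows up with `HasPrivateKey` set to `False` cannot be used by the server, even though it is listed in the store.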
Computers that you were able to keep completely healthy when they were under your control are now exposed on a daily basis to all manner of Internet nasties.
The biggest problem is that after those computers go out of your safe environment, they are brought back into work the next day and are plugged into your organizational network.