Certificate Question?

  • Thread starter: Ray Gibson

Ray Gibson

I have a win2k box set up as the VPN server for a remote network. It is
configured as a Standalone CA and uses its keys for the L2TP over IPSEC
traffic. It works great!

Here's my question. The keys expire in 2 weeks. I have since migrated to
AD and have installed an Enterprise Root CA. I want all of the client
machines to request certs from the Enterprise CA and eventually remove the
standalone CA.

Since the existing certificate on the VPN server doesn't expire for 2 weeks,
can I add a new certificate to it from the Enterprise CA for testing without
mucking up the existing cert? I'd love to be able to update my remote
network clients (XP Laptops) one at a time prior to their certs expiring.

The Enterprise CA is a Win2k3 server.

Your help would be greatly appreciated.
Thanks in advance. Ray
 
Yes, you can export the actual certificate from the cert store to your local
drive, then request a new certificate using the web or MMC and use it.
Then, if you want to go back to the old cert, delete the one you have from
the cert store and import the other one from your server.

--

This posting is provided "AS IS", with NO warranties and confers NO rights

Upcoming Event: Tech Chat about "Secure Wireless authentication using IAS,
PEAP and EAP"
on September 25th at 10AM PT
http://communities2.microsoft.com/home/chatroom.aspx?siteid=34000081
 
Thanks for the response....

Just to clarify, you are saying that I can keep my existing cert (expires
soon) on the VPN box, and also add a new certificate to the VPN box (new
expiration date) so that I can update my clients' certs one at a time?

Why would I have to export anything? If both old and new keys reside on VPN
box, then both old and updated clients should be able to connect?
 