E
Eddie Wedensworth
Here's my scenario: We're doing L2TP VPNs, and we have a very well
functional internal PKI set up (doing EAP-TLS for interal wireless, so
it's well tested).
In doing L2TP VPNs, we need to get certificates on the clients--a User
level certificate stored in the local computer store. That's easy, we
do it with autoenrollment and a GPO on the domain.
However, I have 2 clients that are not part of my domain that need to
get a computer certificate. I can get them the certs for my Root and
issuing certificate authorities, that's easy, but how in the world do
I get them a computer certificate?
Please note, they are completely disconnected. Our Certificate server
is not reachable from the outside world, nor are these computers going
to be toted into the office to be on my network anytime soon. I'm not
doing PPTP to get them in without certificates to make the request.
How can I make a request on their behalf and export something that I
can send via floppy or USB? We're not ready to do smartcards yet.
Gratzi
Edd
functional internal PKI set up (doing EAP-TLS for interal wireless, so
it's well tested).
In doing L2TP VPNs, we need to get certificates on the clients--a User
level certificate stored in the local computer store. That's easy, we
do it with autoenrollment and a GPO on the domain.
However, I have 2 clients that are not part of my domain that need to
get a computer certificate. I can get them the certs for my Root and
issuing certificate authorities, that's easy, but how in the world do
I get them a computer certificate?
Please note, they are completely disconnected. Our Certificate server
is not reachable from the outside world, nor are these computers going
to be toted into the office to be on my network anytime soon. I'm not
doing PPTP to get them in without certificates to make the request.
How can I make a request on their behalf and export something that I
can send via floppy or USB? We're not ready to do smartcards yet.
Gratzi
Edd