VPN using L2TP and certificates

[Michael Ellis]

Hi,

I am trying to create a VPN using L2TP with authentication by a
certificate. I have created the certificate (PKCS12), imported into the
Certificates (LOcal Computer)\Personal\Certificates.

When trying to use the L2TP VPN connection (client), Windows reports
that a suitable certificate is not found (error 798) for EAP.

The certificate was created using openssl (as opposed to a Microsoft
Certificate Services).

My problem could be
- I imported the certificate into the wrong location
- The certificate is not compatible with Microsoft's schannel
- Something else I can't figure out

If anyone out there can shed any light on this problem, including
confirming that I imported the certificate into the right place, I would
appreciate it.

Thanks in advance.

Kind regards,
Michael.

 

[Marek]

What kind of VPN server?

You must have MS PKI implemented in you enviroment.
Enterprise or stand alone Certification Authority installed.

More info about implementing PKI in MS enviroment:
http://www.microsoft.com/windowsserver2003/technologies/pki/default.mspx#EEF

 

[Michael Ellis]

Hi, The VPN server is Windows 2000 Server. The problem is at the
client end not recognising the certificate. There is a Microsoft
support page that states that third party certificates can be used so
this is what I am attempting.

The client doesn't find/recognise the certificate so it doesn't even
attempt to make the connection.

Thanks.

Kind regards,
Michael.

 

[Marek]

May be the simplest way to make it functional is to implement MS PKI rather
than spending hours with this unknown issue.

Computer ceritiface must be issued by CA known for RRAS server. Yes you
import certificate to client machine, but how RRAS server know that this is
the certificate issued by trusted authority? With what RRAS server compare it?