Cisco – SSL/TLS Cert for Client VPN – Meraki

ciscovpn

Hoping you can help me out here. I am attempting to set up a client VPN through our Cisco Meraki MX80 security appliance/router. I plan to use the Active Directory Authentication option so that users can authenticate through our Domain Controller. The piece that I am stuck on is the certificate portion. The VPN authenticates through TLS.

Meraki Document: https://documentation.meraki.com/MX-Z/Client_VPN/Integrating_Active_Directory_with_Client_VPN

Can someone walk me through how the SSL/TLS certificate works and how I set that up? I have a domain controller accessible internally (invisible to the internet, but reachable by the router). From my understanding, the certificate needs to be set up on that domain controller to make this work. We are running Server 2012 Standard R2. How do I purchase and link up the certificate? I was thinking of using StartSSL for the free cert, but their site is not accepting new users at the time 🙁

When I went to RapidSSL to purchase their cert at $49 per year, it was asking for a CSR as generated by the server. How do I get this CSR from my domain controller? What roles do I need installed? Will the cert even work since the DC is not accessible/visible to the internet? This is one area where I am clearly not an expert, so please forgive my noobishness. 😉

I'm planning to use vpn.webdomain.com as the VPN's address and already have the records created to route that subdomain to our router's public, static IP address.

Thanks for any help you can offer!

Best Answer

Meraki has this very well outlined in their documentation:

https://documentation.meraki.com/zGeneral_Administration/Non-Meraki_Configuration/Creating_an_Offline_Certificate_Request_in_Windows_Server

The output of the above link is what you need to provide to RapidSSL.
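The two steps behind that link, generating the CSR on the domain controller and then verifying that the DC actually presents the issued certificate over LDAPS, can be scripted. The following PowerShell is an added example, not from the thread, the Meraki documentation or RapidSSL; `dc01.corp.example.com` is a placeholder for the DC's fully qualified name as the MX will reach it, and the file paths are assumptions. The certificate identifies the DC, not the VPN hostname, because it is the MX-to-DC LDAP connection that runs over TLS.

```powershell
# Added example: create an offline CSR on the DC with certreq, then check the LDAPS listener.
# Placeholder values (assumptions, not from the thread):
$DcFqdn  = 'dc01.corp.example.com'
$WorkDir = 'C:\CertRequest'
New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null

# certreq INF: 2048-bit RSA key held in the machine store, non-exportable, Server Authentication EKU,
# and a SAN entry for the DC name so modern TLS clients that ignore the CN still match the host.
$Inf = @"
[Version]
Signature="`$Windows NT`$"

[NewRequest]
Subject = "CN=$DcFqdn"
KeyLength = 2048
KeyAlgorithm = RSA
HashAlgorithm = sha256
Exportable = FALSE
MachineKeySet = TRUE
KeySpec = 1
KeyUsage = 0xA0
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
RequestType = PKCS10

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1 ; Server Authentication

[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns=$DcFqdn&"
"@
$InfPath = Join-Path $WorkDir 'ldaps.inf'
$CsrPath = Join-Path $WorkDir 'ldaps.req'
Set-Content -Path $InfPath -Value $Inf -Encoding ASCII

# Step 1: generate the key pair in the machine store and write the PKCS#10 request.
# The contents of ldaps.req are what the CA (RapidSSL here) asks for.
certreq -new $InfPath $CsrPath
Get-Content $CsrPath

# Step 2 (after the CA returns the signed certificate, saved as ldaps.cer):
# bind it to the pending request so the private key and certificate are joined in the machine store.
# certreq -accept (Join-Path $WorkDir 'ldaps.cer')

# Step 3: confirm the DC is serving the new certificate on LDAPS (TCP 636). Run from a host
# inside the network, since the DC is not reachable from the internet.
function Test-LdapsCertificate {
    param([string]$HostName, [int]$Port = 636)
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Validation callback returns $true only so we can inspect whatever the DC presents;
        # the real check is the properties reported below.
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, { $true })
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $ssl.RemoteCertificate
        [pscustomobject]@{
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer
            NotAfter   = $cert.NotAfter
            Thumbprint = $cert.Thumbprint
            # Chain validation against the local trust store, the same decision a TLS client makes.
            ChainValid = $cert.Verify()
        }
    } finally {
        $tcp.Close()
    }
}

Test-LdapsCertificate -HostName $DcFqdn
```

If `Subject` still shows a self-signed or domain CA certificate after `certreq -accept`, the DC has not picked up the new one; schannel selects the LDAPS certificate from the machine store, so check that the new certificate is in `Cert:\LocalMachine\My` with its private key, then restart the DC or the AD DS service for the change to take effect. `ChainValid` should be `$true` from a client that trusts the public CA, which is the condition the Meraki MX will enforce when it verifies the DC's certificate.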
