Issuing Computer Certificates to Non-Domain Members (Enterprise CA)

Tags: ad-certificate-services, certificate-authority, microsoft-ftmg-2010, vpn, windows-server-2003

I am trying to implement remote client access using L2TP/IPSec VPN for both domain members and non-members. Domain members are fine and working OK, but I am having trouble issuing a certificate to the non-domain members.

I believe I must be looking at issuing the computer certs via web enrollment, so I have made a duplicate of the Computer template, and changed the Subject Name setting to 'Supply in the request', since I assume trying to build it from AD is pointless for a non-member.

Problem is, when I try to create a New > 'Certificate Template to Issue', my new template is not showing in the list, nor is the template showing in the web enrollment site.

I have a feeling I am missing something simple. I am using an Enterprise Admin account when using the CA MMC, and my Enterprise CA is running on a Server 2003 R2 Std machine.

Any suggestions as to what I might be missing/doing wrong? Thanks in advance…

Best Answer

The New > Cert to Issue thing, you just have to wait 5 minutes for AD to catch up.

You are correct that you can't issue certs that are based on AD information to non-AD members. You can use the Web Interface, CA Management Console, certutil, or PowerShell to process the CSRs.

Note: The above requires Enterprise or DC versions of Windows Server. Standard or SBS will not work.
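
The CSR route the answer mentions, sketched with `certreq` and `certutil` as an added example (not part of the original question or answer). It shows the key pair being generated on the non-domain client, the request being inspected and submitted against the duplicated template from a domain-joined machine, and the issued certificate being bound back to the private key. The client FQDN, CA config string, template name and file names are assumed placeholders.

```powershell
# Added example. All names below are assumed placeholders, not values from the page.
$ClientFqdn   = 'vpnclient01.example.com'        # subject for the non-domain machine
$CaConfig     = 'ca01.example.local\Example-CA'  # "CA host\CA name" config string
$TemplateName = 'NonDomainComputer'              # name of the duplicated Computer template

# --- Step 1: on the non-domain client, in an elevated prompt ---
# MachineKeySet puts the key in the computer store, where a computer certificate
# for L2TP/IPsec has to live. Exportable = FALSE keeps the private key on this machine.
$inf = @"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "CN=$ClientFqdn"
KeyLength = 2048
KeySpec = 1
MachineKeySet = TRUE
Exportable = FALSE
RequestType = PKCS10
"@
Set-Content -Path .\request.inf -Value $inf -Encoding ASCII

certreq -new .\request.inf .\request.req
if ($LASTEXITCODE -ne 0) { throw 'certreq -new failed' }

# --- Step 2: on a domain-joined machine, as a user with Enroll rights on the template ---
# The template takes the subject from the request, so check what was actually asked
# for before it is signed: dump the CSR and compare the subject with the expected host.
certutil -dump .\request.req

# The CertificateTemplate attribute selects the template by name. If the CA holds the
# request as pending, a CA manager has to approve it before a certificate is returned.
certreq -submit -config $CaConfig -attrib "CertificateTemplate:$TemplateName" .\request.req .\client.cer
if ($LASTEXITCODE -ne 0) { throw 'certreq -submit failed' }

# --- Step 3: back on the non-domain client, elevated ---
# -accept matches the issued certificate to the pending private key from step 1.
certreq -accept .\client.cer
if ($LASTEXITCODE -ne 0) { throw 'certreq -accept failed' }

# Confirm the certificate is in the computer's Personal store with a private key.
certutil -store My
```

Only `request.req` and `client.cer` move between machines; the private key never leaves the client. The client also needs the issuing CA's root certificate in its computer Trusted Root store for the chain to validate.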