A stand-alone CA certificate is added to the local certificate store on
domain members only if it is installed on a domain controller. Otherwise, this certificate
needs to be added to all systems that will establish a L2TP/IPSec VPN tunnel.
1. Open Internet Explorer, and browse to the certificate web enrollment page. By
default, this is http://
/certssrv.
2. Select Download a CA Certificate, Certificate Chain, or CRL.
3. Select Download CA Certificate, and save the file to removable media.
This file is not required to be protected and can be freely distributed via any method
including email. This is only the CA??™s public key??”not the private key. For example, many
commercial CAs??™ public keys are distributed with Internet Explorer.
Exporting and Importing Certificates
If all the certificates were created through the certificate enrollment page, either with the
enterprise CA or the stand-alone CA, from the same computer, they must then be
exported to removable media and imported into the local certificates store.
To view the local certificate store on a client or a server, a Microsoft Management Console
(MMC) session must be set up.
Pages:
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451