The default Enterprise Certificate Authority installation requires clients to use an SSL connection to download the Certificate Revocation List. While this may sound like a good idea, there's a bug in Windows Server 2008 that prevents it from working properly. Therefore, we must remove the SSL requirement. To do so, perform the following steps on your Enterprise Certificate Authority:
- Open the Server Manager and navigate through the
Vista VPN setup guide, part 2 Learn how to configure Windows Vista workstations in part 2 of our Vista VPN setup guide.
- When the Internet Information Services (IIS) console opens, navigate through the console tree to your server | Sites | Default Web Site | CertEnroll.
- Click on the Feature View button found at the bottom of the results pane, then double-click the SSL Settings icon.
- When the SSL Settings screen appears, deselect the Require SSL check box, and click the Apply button.
Stay tuned for a step-by-step guide to client-side Vista VPN configuration.
Vista VPN setup guide, part 1
Set up a domain controller
Install DHCP services
Install Active Directory Certificate Services
Request a machine certificate
Install the Routing and Remote Access Service role
Configure the VPN server
Publish the Certificate Revocation List
Make the CRL accessible
Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. Brien has served as the CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal Web site at http://www.brienposey.com.
This was first published in May 2008