The VPN encryption protocol of choice in Windows Server 2008 is SSL. In order to facilitate SSL encryption, your VPN server is going to need to obtain a machine certificate from the Enterprise Certificate Authority that you created.
- Open the Server Manager and navigate through the console tree to Server Manager | Roles | Web Server (IIS) | Internet Information Services (IIS) Manager.
Vista VPN setup guide, part 2 Learn how to configure Windows Vista workstations in part 2 of our Vista VPN setup guide.
- When the Internet Information Services (IIS) console opens, select your VPN server from the console tree, then double-click on the Server Certificates icon found in the results pane.
- When the Server Certificates screen appears, click on the Create Domain Certificate link.
- Windows will now launch the Create Certificate wizard. The wizard's initial screen asks you to fill in some information regarding the certificate's Distinguished Name. You can enter anything that you want for the majority of the fields on this screen, but the Common Name field must exactly match the FQDN used by the DNS record for your VPN server.
- Click Next, and the wizard will display the Online Certificate Authority screen. Click the Select button.
- The wizard should now display a screen showing all of the certificate authorities that have been found in your Active Directory Forest. Select your Enterprise Certificate Authority and click OK.
- Enter a friendly name for the certificate that you are requesting. You can enter anything that you want, but the name should be descriptive. When you have entered this name, click Finish.
Vista VPN setup guide, part 1
Set up a domain controller
Install DHCP services
Install Active Directory Certificate Services
Request a machine certificate
Install the Routing and Remote Access Service role
Configure the VPN server
Publish the Certificate Revocation List
Make the CRL accessible
Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. Brien has served as the CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal Web site at http://www.brienposey.com.
This was first published in May 2008