Get started Bring yourself up to speed with our introductory content.

How to establish trust between a Vista client and certificate

Learn how to tell a Windows Vista VPN client that an enterprise certificate authority is trustworthy in this VPN setup guide.

As you may recall, we assigned an SSL certificate

Vista VPN setup guide, part 1
Learn how to configure Windows Server 2008 to act as an SSL VPN server in part 1 of our Vista VPN setup guide.
to our VPN server earlier, in part one of the VPN setup guide. The problem is that if you used an enterprise certificate authority to create that certificate, then the VPN client may not trust the certificate. We therefore need to tell the VPN client that the enterprise certificate authority is trustworthy. To do so, follow these steps:

  1. While still connected through the VPN link, open Internet Explorer and enter the certificate authority's URL. This will typically be HTTP://the certificate authority's IP address/certserv. For example, it might look like this:
  2. When prompted, enter a set of administrative credentials.
  3. Internet Explorer will display the Microsoft Active Directory Certificate Services website. Click the Download a CA Certificate, Certificate Chain or CRL link.
  4. At this point, Windows may generate a security warning. If you receive a warning, click the Allow button.
  5. Click the Download CA Certificate link.
  6. Windows will now ask you if you want to open or save the file that you are downloading. Click the Save button.
  7. When prompted, enter a path to save the certificate to.
  8. When the download completes, click the Close button.

Vista VPN setup guide, part 2

  Connect to the VPN server
  Establish trust
  Install the downloaded certificate
  Configure the VPN connection to use SSL

Brien Posey
About the author
Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. Brien has served as the CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal Web site at .

Dig Deeper on Campus area networks and services

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.