Encryption is an important part of VPN communications, and it's the certificate server's job to provide the VPN server with a certificate that it can use to encrypt VPN sessions. In this step of setting up a Vista VPN, we configure the infrastructure server to take on the role of a certificate server. If this were a real deployment, you would typically install this role on a separate server.
To install Active Directory Certificate Services, follow these steps:
- Log on as Administrator.
- Open the Server Manager.
- Click the Roles link.
- Click the Add Roles link.
- When the Add Roles Wizard launches, click Next to bypass the Welcome screen.
- Select the Active Directory Certificate Services check box and click Next.
- Click Next when you see the informational screen.
- On the following screen, choose the Certificate Authority and the Certificate Authority Web Enrollment check boxes and click Next.
- When Windows tells you that you must install IIS, click the Add Required Role Services button.
- Click Next.
- Verify that the Enterprise option is selected and click Next.
- Verify that the Root CA option is selected and click Next.
- Choose the option to create a new private key and click Next.
- When the wizard displays the Configure Cryptography for CA screen, click Next to accept the defaults.
- Set the Common Name to ContosoCA and click Next.
- Click Next to accept the default validity period of five years.
- Click Next to accept the default certificate database path.
- Click Next on the Introduction to Web Server (IIS) screen.
- Click Next to accept the default role services.
- Double-check the information shown on the confirmation screen and click the Install button.
- When the installation process completes, click Close.
- Reboot the server.
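
A check to run after the reboot, confirming that the CA matches the choices made in the wizard (Enterprise, Root CA, ContosoCA, five-year validity). This is an added example, not part of the original guide; it assumes an elevated Windows PowerShell 2.0 or later session on the CA server, and the `Report` helper and variable names are hypothetical.

```powershell
# Added example: post-install checks for the CA built in the steps above.
# Assumes an elevated Windows PowerShell 2.0+ session on the CA server.
$expectedName  = 'ContosoCA'   # Common Name entered in the wizard
$expectedYears = 5             # default validity period accepted in the wizard

function Report($name, $ok, $detail) {   # hypothetical helper: one result line per check
    $status = if ($ok) { 'PASS' } else { 'FAIL' }
    '{0}  {1}: {2}' -f $status, $name, $detail
}

# 1. The Certificate Services service (CertSvc) should be running after the reboot.
$svc = Get-Service -Name CertSvc -ErrorAction SilentlyContinue
$svcState = if ($svc) { $svc.Status } else { 'not installed' }
Report 'CertSvc service' ($svc -and $svc.Status -eq 'Running') $svcState

# 2. The CA configuration in the registry records the active CA name and its type.
$cfg = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
$active = (Get-ItemProperty -Path $cfg -ErrorAction SilentlyContinue).Active
Report 'CA common name' ($active -eq $expectedName) "active CA = '$active'"

# CAType: 0 = Enterprise Root, 1 = Enterprise Subordinate,
#         3 = Standalone Root, 4 = Standalone Subordinate
$caType = $null
if ($active) {
    $caType = (Get-ItemProperty -Path "$cfg\$active" -ErrorAction SilentlyContinue).CAType
}
Report 'Enterprise root CA' ($caType -eq 0) "CAType = $caType"

# 3. The CA certificate in the machine store should be self-signed (root)
#    and carry the five-year validity period accepted in the wizard.
$caCert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "CN=$expectedName*" -and $_.Subject -eq $_.Issuer } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if ($caCert) {
    $years = [math]::Round(($caCert.NotAfter - $caCert.NotBefore).TotalDays / 365.25, 1)
    Report 'Self-signed CA certificate' $true $caCert.Subject
    Report 'Validity period' ($years -eq $expectedYears) "$years years, expires $($caCert.NotAfter.ToString('yyyy-MM-dd'))"
} else {
    Report 'Self-signed CA certificate' $false "no certificate with CN=$expectedName found"
}

# 4. certutil -ping checks that the CA's request interface answers.
certutil -ping | Out-Null
Report 'CA responds to certutil -ping' ($LASTEXITCODE -eq 0) "exit code $LASTEXITCODE"
```

Any FAIL line points back to the wizard screen where that value was chosen; the CA type and common name cannot be changed afterward without reinstalling the role.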
Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. Brien has served as the CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal Web site at http://www.brienposey.com.