The default Enterprise Certificate Authority installation requires clients to use an SSL connection to download the Certificate Revocation List. While this may sound like a good idea, there's a bug in Windows Server 2008 that prevents it from working properly. Therefore, we must remove the SSL requirement. To do so, perform the following steps on your Enterprise Certificate Authority:
- Open the Server Manager and navigate through the console tree to Server Manager | Roles | Web Server (IIS) | Internet Information Services (IIS) Manager.
- When the Internet Information Services (IIS) console opens, navigate through the console tree to your server | Sites | Default Web Site | CertEnroll.
- Click on the Feature View button found at the bottom of the results pane, then double-click the SSL Settings icon.
- When the SSL Settings screen appears, deselect the Require SSL check box, and click the Apply button.
Vista VPN setup guide, part 2
Learn how to configure Windows Vista workstations inpart 2 of our Vista VPN setup guide.
Stay tuned for a step-by-step guide to client-side Vista VPN configuration.
Vista VPN setup guide, part 1
Set up a domain controller
Install DHCP services
Install Active Directory Certificate Services
Request a machine certificate
Install the Routing and Remote Access Service role
Configure the VPN server
Publish the Certificate Revocation List
Make the CRL accessible
About the author
Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. Brien has served as the CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal Web site at http://www.brienposey.com.