Get started Bring yourself up to speed with our introductory content.

How to request a machine certificate for a Vista VPN

Learn how to request a machine certificate for a Vista VPN running on Windows Server 2008 in this part of our VPN setup guide.

The VPN encryption protocol of choice in Windows Server 2008 is SSL. In order to facilitate SSL encryption, your VPN server is going to need to obtain a machine certificate from the Enterprise Certificate Authority that you created. To request a machine certificate, follow these steps:

  1. Open the Server Manager and navigate through the console tree to Server Manager | Roles | Web Server (IIS) | Internet Information Services (IIS) Manager.
    Vista VPN setup guide, part 2
    Learn how to configure Windows Vista workstations in part 2 of our Vista VPN setup guide.
  2. When the Internet Information Services (IIS) console opens, select your VPN server from the console tree, then double-click on the Server Certificates icon found in the results pane.
  3. When the Server Certificates screen appears, click on the Create Domain Certificate link.
  4. Windows will now launch the Create Certificate wizard. The wizard's initial screen asks you to fill in some information regarding the certificate's Distinguished Name. You can enter anything that you want for the majority of the fields on this screen, but the Common Name field must exactly match the FQDN used by the DNS record for your VPN server.
  5. Click Next, and the wizard will display the Online Certificate Authority screen. Click the Select button.
  6. The wizard should now display a screen showing all of the certificate authorities that have been found in your Active Directory Forest. Select your Enterprise Certificate Authority and click OK.
  7. Enter a friendly name for the certificate that you are requesting. You can enter anything that you want, but the name should be descriptive. When you have entered this name, click Finish.

Vista VPN setup guide, part 1

  Set up a domain controller
  Install DHCP services
  Install Active Directory Certificate Services
  Install IIS
  Request a machine certificate
  Install the Routing and Remote Access Service role
  Configure the VPN server
  Publish the Certificate Revocation List
  Make the CRL accessible

Brien Posey
About the author
Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. Brien has served as the CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal Web site at .

Dig Deeper on MSPs and cybersecurity

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.