Updated: April 30, 2010
Applies To: Windows Server 2008, Windows Server 2008 R2
A certificate infrastructure is a requirement for VPN connections based on Layer Two Tunneling Protocol over Internet Protocol security (L2TP/IPsec), Secure Socket Tunneling Protocol (SSTP), or Extensible Authentication Protocol-Transport Layer Security (EAP-TLS). Certificates provide stronger authentication security than password-based authentication does.
To provide a certificate infrastructure for a VPN client that makes L2TP/IPsec or SSTP connections:
Install a certificate in the Local Computer certificate store on the VPN server.
Install a user certificate in the Current User certificate store of each client.
To provide a certificate infrastructure for user-level authentication with EAP-TLS:
Install a certificate on the authenticating server for the VPN server.
If you are not using smart cards, install a registry-based user certificate on each client.
-Or-
If you are using smart cards, install a certificate on each smart card distributed to a VPN client user.
Before you can install a certificate, a certification authority (CA) must be present and reachable. For a computer in a Windows Server 2008 domain, you can use auto-enrollment or the Certificates snap-in to install a certificate. Alternatively, you can install a certificate by using a Web browser to connect the VPN client to the CA Web enrollment agent.
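The following PowerShell is an added example, not part of the original page. It checks that the certificates placed in the stores named above are actually usable: a private key is present, the validity period covers the current date, and the chain to the issuing CA builds. `Test-VpnCertStore` is a hypothetical helper name, and `Cert:\LocalMachine\My` and `Cert:\CurrentUser\My` are the PowerShell paths for the Local Computer and Current User personal stores.

```powershell
# Added example; Test-VpnCertStore is a hypothetical helper, not a built-in cmdlet.
function Test-VpnCertStore {
    param(
        [Parameter(Mandatory = $true)]
        [string]$StorePath   # Cert:\LocalMachine\My or Cert:\CurrentUser\My
    )

    $now = Get-Date
    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # Build the chain with the default policy (includes revocation checking),
        # so an unreachable or untrusted CA shows up as a chain status.
        $chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chainOk = $chain.Build($cert)

        $problems = @()
        if (-not $cert.HasPrivateKey) { $problems += 'no private key' }
        if ($now -lt $cert.NotBefore) { $problems += 'not yet valid' }
        if ($now -gt $cert.NotAfter)  { $problems += 'expired' }
        if (-not $chainOk) {
            $problems += ($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })
        }

        # One result object per certificate found in the store.
        New-Object PSObject -Property @{
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            NotAfter   = $cert.NotAfter
            Usable     = ($problems.Count -eq 0)
            Problems   = ($problems -join ', ')
        }
    }
}

# On the VPN server: certificates in the Local Computer store.
Test-VpnCertStore -StorePath Cert:\LocalMachine\My

# On a client, run as the VPN user: certificates in the Current User store.
Test-VpnCertStore -StorePath Cert:\CurrentUser\My
```

An empty result means no certificate is installed in that store; a row with `Usable` set to `False` lists why the certificate would fail in `Problems`.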
For more information, see Appendix A: Computer Certificates for VPN Connections in the Routing and Remote Access Design Guide.