Install certificate user domain

Raul Guchinife 100 Reputation points
2023-03-07T09:59:54.4166667+00:00

Hello, I want to implement password and certificate authentication in VPN connections. For this I have to generate in the CA a certificate from the CA itself and a client certificate that must be installed on the users' computers. I understand that this certificate has to carry the private key with its password. How can I distribute these certificates with their passwords to all domain users?

Windows Server
Windows Server Security

1 answer

  1. JimmySalian-2011 41,911 Reputation points
    2023-03-07T10:23:43.6666667+00:00

    @Raul Guchinife in this case you will need to set up a PKI (CA infrastructure); this will allow you to deploy the certificates and set up appropriate certificates for authentication. You can go for either a single-tier PKI server or a secure two-tier setup, and here are the steps: https://social.technet.microsoft.com/wiki/contents/articles/15037.ad-cs-step-by-step-guide-two-tier-pki-hierarchy-deployment.aspx

    The link contains steps that are comprehensive and detailed, so you will need to see if all the components are required, such as OCSP, as AIA and CRL can do the job in a small environment.

    GPOs can be used to deploy the certificates to the devices, and user enrollment policies will be required for this.

    Hope this helps.

    JS

    ==

    Please accept as answer and do a Thumbs-up to upvote this response if you are satisfied with the community help. Your upvote will be beneficial for the community users facing similar issues.
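
A client-side check for the GPO and enrollment-policy deployment described in the answer, as an added PowerShell example that is not part of the original thread: with autoenrollment the key pair is generated on the user's machine, and the script confirms that a valid Client Authentication certificate with a private key reached the user's store. The template name `VPNUserAuth` is a hypothetical placeholder; the script assumes a domain-joined client and is run as the domain user.

```powershell
# Added example. Run as the domain user on a domain-joined client.
$TemplateName  = 'VPNUserAuth'          # hypothetical template name, not from the thread
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'    # Client Authentication EKU

function Get-VpnClientCertificate {
    # Unexpired certificates in the user's store that have a private key
    # and list the Client Authentication EKU.
    Get-ChildItem -Path Cert:\CurrentUser\My | Where-Object {
        $_.HasPrivateKey -and
        $_.NotAfter -gt (Get-Date) -and
        ($_.EnhancedKeyUsageList.ObjectId -contains $ClientAuthOid)
    }
}

$certs = @(Get-VpnClientCertificate)

if (-not $certs) {
    # Nothing enrolled yet: refresh user policy and trigger autoenrollment now
    # instead of waiting for the next scheduled run.
    gpupdate /target:user /force | Out-Null
    certutil -user -pulse | Out-Null
    Start-Sleep -Seconds 30
    $certs = @(Get-VpnClientCertificate)
}

if (-not $certs) {
    # Autoenrollment delivered nothing: request explicitly from the template.
    # The key pair is created locally and only the request goes to the CA.
    $result = Get-Certificate -Template $TemplateName -CertStoreLocation Cert:\CurrentUser\My
    Write-Output "Enrollment status: $($result.Status)"
    $certs = @(Get-VpnClientCertificate)
}

foreach ($c in $certs) {
    # Verify() builds the chain to a trusted root and checks revocation,
    # so it also exercises the AIA and CRL locations published by the CA.
    [pscustomobject]@{
        Subject    = $c.Subject
        Issuer     = $c.Issuer
        Thumbprint = $c.Thumbprint
        NotAfter   = $c.NotAfter
        ChainValid = $c.Verify()
    }
}
```

A `ChainValid` value of `False` on an otherwise correct certificate usually points at an unreachable CRL or AIA location or a root CA certificate that is not yet in the client's trusted store.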