Machine Network Authentication Using Certificates

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hey folks, hope you'll all well!!!

Apologies if this thread is in the wrong place.

My head is pounding, i'm a network technician ay my work. We have various remote users. We have implemented a VPN bi-directional tunnel to our main site using Netscreen Remote VPN connecting to our Juniper Firewall at the main site. Authentication is carried out at the main site using RADIUS based on user name and password, remote user is allocated an IP address via the address pool on the main firewall.

All the above works well, now my manager would like me to try and impliment network authentication on the remote PC/laptop using a certificate instead of username and password. I have spoken to the server team and they inform me that they dont use certificates and didn't seem keen to help, (just as my boss thought!) although they expect us to drop everything for them when they have an issue. Anyhoo he has kindly left this with me. I'm only just starting to get to grips with the large network that we look after and have never really dealt to much with Active Directory.

I have spent a good bit of the day researching the Tech Net site, i seems a minefield! PKI's public keys, private keys etc etc. We have already got an Enterprise CA set up on the test domain controller but im lost as to how to impliment a new certificate and deploy it to allow for what im looking to do.

I'm not looking for any of you guys to explain the whole thing but if you could put me in the right direction to find a good step by step guide to create this network authentication via certificate based on the computer, any link would be greatly appreciated.

The test domain controller is 2000 server. The real one is 2003 server standard edition.

Thanks you in advance and apologies if vague as im certainly no expert!

 

Wagnerk, that pdf is very helpfull indeed, thank you very much mate!

It show the steps i was looking for with regards to setting up the certificate itself.

I love this place!

Thanks again!

 

Much appreciated, just what i was looking for!