Question on using a specific cert for windows 2003 ipsec authentication
I have an Entrust cert certA which I need to use and which I imported to Certificates > Personal > Certificates.

Entrust.net Certification Authority (2048) - Entrust.net
  Entrust Certification Authority - L1C - Entrust.net
    certA
    CertB

In Personal > Certificates, there is also another Entrust cert certB which keeps on being used instead of certA. Is there an option (or undocumented registry update) to make use of only certA for Authentication? Also not sure if certmap and excludecaname are yes or no by default. Thanks.

[ [ rootca= ] "Entrust.net Certification Authority (2048) - Entrust.net" certmap:{ yes | no } excludecaname:{ yes | no } "]

Specifies certificate authentication options. The argument is a string in quotes that contains the following elements:

CertName: Specifies the distinguished name of the certificate, if a certificate is used as an authentication method.
certmap:{ yes | no }: Specifies whether to enable certificate-to-account mapping. You can enable certificate-to-account mapping to verify that the certificate is being used by a trusted computer.
excludecaname:{ yes | no }: Specifies whether to exclude from the certificate request the list of trusted root CA names from which a certificate is accepted.
October 30th, 2012 4:10pm

I think we need more information to help you. For example, what are you doing with the certificate: SSL for a computer, or secure e-mail for a user account? Did you import into the correct store? We need to figure out why your application (and what application) is selecting a certain certificate over the other certificate.
November 16th, 2012 4:12pm

The 2 certs are imported to Certificates snap-in > This snap-in will always manage certificates for Computer Account > This snap-in will always manage Local Computer > Personal > Certificates via mmc.

It would be nice if in Microsoft ipsec I could specify to use certA (instead of using the rootca of certA). In this case certB has the same rootca. In this case, why does the Microsoft ipsec process use certB instead of certA all the time? Is there a setting in the certificate properties which is causing ipsec to use certB instead of certA?

I even tried moving certB out of Personal > Certificates, starting the ipsec tunnel with certA, and copying certB back. But when the ipsec policy service restarts, certB is picked up again. I don't have this problem on another server where I have certC and CertB. ipsec seems to be able to use certC all the time. Thanks.
November 21st, 2012 2:16pm

This topic is archived. No further replies will be accepted.
