Hi there At present I have a Server 2003 Std enviroment with RRAS installed for remote access for employees using company supplied computers (domain members) and also employees sometimes use personal computers (non domain members). There is also might be a requirement for non employess to connect into our network as well. The MD has an Apple Mac so this needs remote access as well. We currently use L2TP/IPSec with a pre-shared key. I'm aware that this is not a recommended practice, but I needed a quick RRAS solution. This has been in place for about a year and I would now like to tighten up security by using certificates. The trouble is I've only had limited exposure to certificates and after having a search on the internet I can only find limited and sometimes conflicting information. Does anybody have any links to documents on installing CA and how to implement it with L2TP/IPSec? I know that I need to install a CA and that this requires IIS, but does this have to be on a DC? Are there pre-configured certificate templates for what I'm trying to achieve and if so which ones are they? Thanks Stuart

Does anybody have any links to documents on installing CA and how to implement it with L2TP/IPSec? I know that I need to install a CA and that this requires IIS, but does this have to be on a DC? Are there pre-configured certificate templates for what I'm trying to achieve and if so which ones are they? You can visit the following link: http://support.microsoft.com/kb/323342 No. We don't need to install CA role on DC. Moreover, it is not recommended to install the roles together on the same computer. Yes. There are built-in IPSec certificate templates, IPSec and IPSec (Offline request). This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi and thanks for the response. I've installed an Enterprise CA on one of my Windows 2003 Std member servers. I've been following the instructions to request a certificate under advanced options. When I do this there is no option for IPSEC at all. I'm trying this under the web interface. I've checked the CA and IPSEC is listed under templates. Thanks in advance for any help offered.