specify preferred certificate for L2TP VPN
hello, my notebooks need to have two IPSec certificates, one with IPSec Intermediate usage and the other with IPSec Endpoint. The problem here is that my VPN gateway requires the certificate with the IPSec Endpoint to be used for L2TP IPSec authentication and does not allow the other. How do I tell the machines to use the IPSec Endpoint certificate for the L2TP VPN exclusively? (There is still the way of doing it using two different CAs, but I would rather be able to solve it in a simpler way.) ondrej.
July 17th, 2011 1:38pm

If two or more IPsec certificates are issued by the same CA, the client subsystem will select only the most conformant and valid certificate ( http://technet.microsoft.com/en-us/library/cc737812(WS.10).aspx ). BTW, the IPSec Endpoint EKU is deprecated as per RFC 2409 (draft, §3.1.2) and RFC 4945 (§5.1.3.12). As there never was a choice to select a certificate for an IPsec connection, I don't believe it is possible with a single CA (when two or more IPsec certificates are issued by the same CA).

My weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
July 17th, 2011 4:05pm
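The answer above says that when several IPsec certificates chain to the same CA, the Windows client picks one itself. The following PowerShell script is an added diagnostic, not code from either poster or from Microsoft: it lists the machine certificates that carry any IPsec-related EKU, groups them by issuer, and warns where more than one valid certificate with a private key shares an issuer, which is exactly the situation where the administrator has no say in which certificate is offered to the gateway. The EKU OIDs are the standard ones from RFC 4945 and the Windows certificate templates; the store path and function name are assumptions for this example.

```powershell
# Added example (not from the thread): report machine certificates with IPsec EKUs and
# flag issuers that have more than one usable candidate, the condition under which
# Windows selects the certificate on its own. Run in an elevated PowerShell on the client.

# EKU OIDs: the first three are the RFC 2459 values that RFC 4945 §5.1.3.12 deprecates,
# 1.3.6.1.5.5.8.2.2 is the Windows "IP security IKE intermediate" EKU, 1.3.6.1.5.5.7.3.17 is id-kp-ipsecIKE.
$ipsecEkus = @{
    '1.3.6.1.5.5.7.3.5'  = 'IP security end system (id-kp-ipsecEndSystem, deprecated)'
    '1.3.6.1.5.5.7.3.6'  = 'IP security tunnel termination (id-kp-ipsecTunnel, deprecated)'
    '1.3.6.1.5.5.7.3.7'  = 'IP security user (id-kp-ipsecUser, deprecated)'
    '1.3.6.1.5.5.8.2.2'  = 'IP security IKE intermediate'
    '1.3.6.1.5.5.7.3.17' = 'id-kp-ipsecIKE (RFC 4945)'
}

function Get-IpsecCertificateReport {
    # Store path is an assumption; LocalMachine\My is where L2TP/IPsec machine certificates live.
    param([string]$StorePath = 'Cert:\LocalMachine\My')

    $now  = Get-Date
    $rows = foreach ($cert in Get-ChildItem -Path $StorePath) {
        # Read EKU OIDs from the extension itself so this also works on older PowerShell versions.
        $ekuExt = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        if (-not $ekuExt) { continue }
        $oids    = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
        $matched = @($oids | Where-Object { $ipsecEkus.ContainsKey($_) })
        if ($matched.Count -eq 0) { continue }

        New-Object -TypeName PSObject -Property @{
            Thumbprint    = $cert.Thumbprint
            Subject       = $cert.Subject
            Issuer        = $cert.Issuer
            HasPrivateKey = $cert.HasPrivateKey
            Valid         = ($cert.NotBefore -le $now -and $cert.NotAfter -ge $now)
            NotAfter      = $cert.NotAfter
            IpsecEkus     = (($matched | ForEach-Object { $ipsecEkus[$_] }) -join '; ')
        }
    }

    # More than one valid IPsec certificate with a private key per issuer means the client,
    # not the administrator, decides which one is presented during IKE authentication.
    foreach ($group in ($rows | Group-Object -Property Issuer)) {
        $usable = @($group.Group | Where-Object { $_.HasPrivateKey -and $_.Valid })
        if ($usable.Count -gt 1) {
            Write-Warning ("{0} usable IPsec certificates share issuer '{1}'; Windows will choose one itself." -f $usable.Count, $group.Name)
        }
    }
    return $rows
}

Get-IpsecCertificateReport |
    Format-Table Thumbprint, Subject, Issuer, HasPrivateKey, Valid, NotAfter, IpsecEkus -AutoSize
```

A warning in the output confirms the ambiguity the answer describes; the only remedies it points to are separating the issuing CAs or not enrolling the second IPsec certificate on hosts that must dial the L2TP gateway. The report is read-only and changes nothing in the store.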
