iOS
favor1t, 2017-02-20 09:54:20

Issuing L2TP certificates for iOS?

Hello! I deployed a VPN on winserver2012 using the standard SSTP + certificate tools (I was glad about port 443, which no one blocks), but the company needed to use the network from Apple devices. The standard client is ready to offer only L2TP among the implementations with certificates. Tell me how to issue certificates? Right now the VPN machine is outside the domain. Is the issuance done from PowerShell, or do you need a request from the device? A little lost :(


1 answer(s)
CityCat4, 2017-02-20

On Windows, unless you use third-party tools, everything about certificates is incredibly confusing.
- Whether AD is required for a certification authority - I don't know, the idea of deploying it without AD never occurred to me. AD is used, and very widely used.
- All certificate issuance is based on templates. If the certificate must have some atypical OIDs, it is better to first check whether they are in the required templates and whether such templates exist at all; if not, you will have to create them.
- There is no separate CSR creation program. Well, in the sense of a Windows-style graphical one with bells and whistles; there is only a text program that uses a text ini file, called, if I'm not mistaken, certreq.exe. Windows believes that the CSR should be generated on the fly, the request immediately goes to the certification authority and the certificate is issued discreetly - so that the user does not have access to the certificate key :) Which, of course, will not work for you - the certificate will need to be installed on the Apple device.
- To use certificates at least somewhere other than on the computer where the CSR was generated, you will have to generate it (the CSR) with a third-party tool and transfer it as base64 to the certification authority through the authority's web interface - I do it that way myself, although it is crooked, inconvenient and pretty ridiculous. But on the other hand, the process of forming the .p12 is completely under control.
A request from the device is optional. You can also generate it on the server - if there is anything to do it with. Whether there is something like this in PowerShell - I never thought about it, maybe there is.
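The flow described in the answer (CSR generated away from the CA with a third-party tool, handed over as base64, result packed into a .p12 for the device), as an added example that is not part of the thread. It assumes OpenSSL as the third-party tool; a throwaway local CA stands in for the real certification authority, and every file name, subject and password is constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes OpenSSL as the third-party tool;
# every file name, subject and password here is constructed for the demo.
set -e

make_csr() {            # $1 = base name, $2 = subject CN; the key stays on this host
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
          -keyout "$1.key" -out "$1.csr" 2>/dev/null )
}

csr_base64() {          # the PEM (base64) text that would be pasted into the CA's web form
    openssl req -in "$1.csr" -outform PEM
}

make_test_ca() {        # throwaway CA standing in for the real certification authority
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Test CA" \
          -keyout ca.key -out ca.crt 2>/dev/null )
}

sign_csr() {            # stand-in for the CA issuing a certificate from the CSR
    openssl x509 -req -in "$1.csr" -CA ca.crt -CAkey ca.key -CAcreateserial \
        -days 30 -out "$1.crt" 2>/dev/null
}

key_matches_cert() {    # true only if the certificate was issued for this private key
    k=$(openssl pkey -in "$1.key" -pubout | openssl sha256)
    c=$(openssl x509 -in "$1.crt" -noout -pubkey | openssl sha256)
    [ "$k" = "$c" ]
}

make_p12() {            # $1 = base name, $2 = export password (passed via env, not argv)
    key_matches_cert "$1" || return 1
    ( umask 077
      P12_PASS="$2" openssl pkcs12 -export -inkey "$1.key" -in "$1.crt" \
          -certfile ca.crt -name "$1" -passout env:P12_PASS -out "$1.p12" )
}

run_demo() (            # whole flow in a subshell, inside a scratch directory
    cd "$(mktemp -d)"
    make_csr phone "vpn-user-demo" && make_test_ca && sign_csr phone
    make_p12 phone "demo-only-password" && echo "wrote $PWD/phone.p12"
)
run_demo
```

OpenSSL 3.x writes the .p12 with newer encryption defaults that some Apple OS versions reject on import; the `-legacy` option of `pkcs12 -export` selects the older algorithms.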
