Certificate Template Design
The number of certificate templates that you design for VPN access will depend on the tunneling protocol and authentication protocols used in your solution. The sections that follow detail the certificate template requirements for each component of the VPN solution.
The user authentication certificate must include the Client Authentication OID in the EKU. For the VPN user authentication, you implement either a private key and certificate stored in the user’s profile or a certificate stored on a smart card.
If you choose to deploy a certificate on a Smart Card certificate for VPN authentication, consider duplicating the version 1 Smart Card Login certificate template. Make the following modifications ...