Certificate Template Design

The number of certificate templates that you design for VPN access will depend on the tunneling protocol and authentication protocols used in your solution. The sections that follow detail the certificate template requirements for each component of the VPN solution.

User Authentication

The user authentication certificate must include the Client Authentication OID in the EKU. For VPN user authentication, you can implement either a private key and certificate stored in the user’s profile or a certificate stored on a smart card.
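One way to check the EKU requirement above against certificates already issued to a user, as an added example that is not from the book. The function name `Get-ClientAuthStatus` is hypothetical, and the check assumes the certificates of interest are in the current user's personal store.

```powershell
function Get-ClientAuthStatus {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    process {
        # Client Authentication EKU OID (id-kp-clientAuth)
        $clientAuthOid = '1.3.6.1.5.5.7.3.2'

        # Locate the Enhanced Key Usage extension, if the certificate has one
        $ekuExt = $Certificate.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }

        if (-not $ekuExt) {
            # No EKU extension at all: the certificate is not restricted to any
            # purpose, but it does not explicitly carry the required OID either.
            $ekuStatus = 'NoEkuExtension'
        }
        else {
            $oids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
            if ($oids -contains $clientAuthOid) { $ekuStatus = 'ClientAuthPresent' }
            else                                { $ekuStatus = 'ClientAuthMissing' }
        }

        $now = Get-Date
        [pscustomobject]@{
            Subject       = $Certificate.Subject
            Thumbprint    = $Certificate.Thumbprint
            EkuStatus     = $ekuStatus
            HasPrivateKey = $Certificate.HasPrivateKey
            InValidity    = ($now -ge $Certificate.NotBefore -and $now -le $Certificate.NotAfter)
        }
    }
}

# Report every certificate in the current user's personal store
Get-ChildItem Cert:\CurrentUser\My | Get-ClientAuthStatus | Format-Table -AutoSize
```

A certificate is a candidate for VPN user authentication only when `EkuStatus` is `ClientAuthPresent`, `HasPrivateKey` is true, and `InValidity` is true.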

If you choose to deploy a certificate on a smart card for VPN authentication, consider duplicating the version 1 Smart Card Login certificate template. Make the following modifications ...
