Follow these steps to make use of certificates as part of the DirectAccess tunnel authentication process:
- The first thing that you need to do is distribute certificates to your DA servers and all DA client computers. The easiest way to do this is by building a new template on the CA server, duplicated from the built-in Computer template. Whenever I create a custom template for use with DirectAccess, I try to make sure that it meets the following criteria:
  - The Subject Name of the certificate should match the Common Name of the computer (which is also the FQDN of the computer)
  - The Subject Alternative Name (SAN) of the certificate should match the DNS Name of the computer (which is also the FQDN of the computer)
  - The ...
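
The following PowerShell is an added example, not part of the original text: it checks every certificate in the local computer store against the Subject Name and SAN criteria listed above, so you can confirm on a DA server or client that the issued certificate carries the machine's FQDN in both fields. The function name `Test-DACertNames` is hypothetical, and the script assumes a domain-joined machine running an English-language Windows installation.

```powershell
# Added example: checks only the Subject Name and SAN criteria listed above.
# Assumption: English-language OS, because the SAN extension is parsed from
# its formatted text ("DNS Name=host.example.com, ...").
function Test-DACertNames {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)]
        [string]$Fqdn
    )

    # Simple name of the subject (the CN when the subject contains one)
    $cn = $Certificate.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)

    # DNS entries from the Subject Alternative Name extension (OID 2.5.29.17)
    $sanExt = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sanDns = @()
    if ($sanExt) {
        $sanDns = @([regex]::Matches($sanExt.Format($false), 'DNS Name=([^,\s]+)') |
            ForEach-Object { $_.Groups[1].Value })
    }

    [pscustomobject]@{
        Thumbprint   = $Certificate.Thumbprint
        NotAfter     = $Certificate.NotAfter
        SubjectCN    = $cn
        SanDnsNames  = $sanDns -join ', '
        SubjectMatch = ($cn -ieq $Fqdn)          # Subject Name equals the FQDN
        SanMatch     = ($sanDns -contains $Fqdn) # SAN lists the FQDN (case-insensitive)
    }
}

# Build the machine's FQDN from its DNS host name and domain
$cs   = Get-CimInstance -ClassName Win32_ComputerSystem
$fqdn = "$($cs.DNSHostName).$($cs.Domain)"

# Evaluate every certificate in the local computer's Personal store
Get-ChildItem -Path Cert:\LocalMachine\My |
    ForEach-Object { Test-DACertNames -Certificate $_ -Fqdn $fqdn } |
    Format-Table -AutoSize
```

A certificate that shows `False` in either `SubjectMatch` or `SanMatch` does not meet the two naming criteria above and was most likely issued from a different template.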