Certificate to be used for DA Server

  • Question

  • Hi,

    I have configured Remote Access and my DirectAccess server is working fine. I have used split tunneling, and until now I was working with the default certificate which was issued by my DirectAccess server. But now I want to add a certificate issued from my certificate server. For this I made a duplicate of the Web Server template and issued it to my DA server. While enabling Windows 7 client computers to connect via DirectAccess using that certificate issued by my CA server, I find the below error while applying the policy:


    Is the error coming because of my certificate, or am I planning for the wrong certificate, or is there any other error? Also, help me to use the certificate issued from my CA server. The answer will be appreciated.




    Tuesday, October 27, 2015 7:45 AM

All replies

  • Hi,

    With the click-next-finish implementation of DirectAccess, your IP-HTTPS is using a self-signed certificate. When enforcing IPsec certificates on DirectAccess, a Client-Authentication EKU certificate must be installed on the DirectAccess Gateway and all DirectAccess clients (mandatory for Windows 7 clients, as they cannot operate in Kerb-proxy mode).

    So you need to duplicate the computer certificate and enroll the new type of certificate on the DirectAccess Gateway and clients.

    BenoitS - Simple by Design

    • Proposed as answer by BenoitS (MVP) Tuesday, October 27, 2015 3:23 PM
    Tuesday, October 27, 2015 3:23 PM
  • Hi BenoitS,

    I tried the above but the result is the same; I am getting the same error.

    Wednesday, October 28, 2015 10:55 AM
  • So you have a certificate with the Client-Authentication key usage in the computer store of your DirectAccess Gateway?

    According to your capture, certificate AC is recognized.

    BenoitS - Simple by Design

    Wednesday, October 28, 2015 4:47 PM
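
One way to answer the question raised in the replies above, as an added example that is not part of the original thread: list every certificate in the local computer store and show whether it carries the Client Authentication EKU, has a private key, is within its validity period, and chains to a trusted root. It assumes an elevated PowerShell session on the DirectAccess Gateway or a client; the column names are chosen here for illustration.

```powershell
# Added example (not from the thread): audit Cert:\LocalMachine\My for
# certificates usable for DirectAccess IPsec machine authentication.
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$now = Get-Date

Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # Read the EKU OIDs straight from the X.509 extension.
    # A certificate with no EKU extension is not restricted to any purpose.
    $ekuExt = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $ekus = @()
    if ($ekuExt) {
        $ekus = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
    }

    # Build the chain without revocation lookups so the check also works offline.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk = $chain.Build($cert)

    New-Object PSObject -Property @{
        Subject       = $cert.Subject
        Issuer        = $cert.Issuer
        Thumbprint    = $cert.Thumbprint
        SelfSigned    = ($cert.Subject -eq $cert.Issuer)
        HasPrivateKey = $cert.HasPrivateKey
        InValidity    = ($cert.NotBefore -le $now -and $cert.NotAfter -ge $now)
        ClientAuth    = ($ekus -contains $ClientAuthOid)
        ServerAuth    = ($ekus -contains $ServerAuthOid)
        ChainTrusted  = $chainOk
    }
} | Select-Object Subject, Issuer, SelfSigned, HasPrivateKey, InValidity,
                  ClientAuth, ServerAuth, ChainTrusted, Thumbprint |
    Format-List
```

A certificate enrolled from an unmodified copy of the Web Server template shows `ServerAuth` as True and `ClientAuth` as False, while one from a copy of the Computer template shows both as True.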