How to renew DA client certificate offline

  • Question

  • Hi,

    I got a strange situation where a computer with DirectAccess (turned off for a long time) has been turned on again and needs to connect via DirectAccess (IPHTTPS) to the corporate network again. The problem is it's in a remote location and its computer certificate has expired, so it's unable to establish a tunnel and auto-renew.

    I need to generate a CSR for this computer, copy it to the corporate CA and sign it there, then import it back to the DA client. I'm unable to find a guide on how to do this. Can anyone point me to the correct article or give me a tip on how to do this?

    I have tried to do it via the web page http://caservername/certsrv in the corporate network, but I'm unable to see a Client/Server Authentication Certificate Template option in the drop-down list on Advanced Certificate Request.

    Thanks.

    Wednesday, June 5, 2013 9:25 AM

Answers

  • We were able to figure this out just now. What we did was that on the CA (luckily it's on win2008 ent) we created a copy of the DirectAccessClients certificate template and published that template. Then we created a new certificate and used the custom template created in step 1 to generate a new SSL certificate with the DNS name of the client PC. Exported it with the private key, copied it over and imported it.
    • Marked as answer by Tullkas Wednesday, June 5, 2013 1:03 PM
    Wednesday, June 5, 2013 1:03 PM
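
The request, sign and import flow the question asks about can be done with certreq, which keeps the private key on the DirectAccess client instead of exporting it. This is an added example, not part of the thread: the host name, CA config string and template name are placeholders, and it assumes the copied template from the answer allows the subject to be supplied in the request and that the submitting account may enroll on it.

```powershell
# Added example: all names below are placeholders, not values from the thread.
$ClientFqdn = 'client01.corp.example.com'      # DNS name of the DA client (placeholder)
$CaConfig   = 'caservername\Corp-Issuing-CA'   # "CAHost\CA common name" (placeholder)
$Template   = 'DirectAccessClientsOffline'     # template name, not display name (placeholder)

# --- Step 1: on the DA client, elevated. Generates the key pair and the CSR. ---
$inf = @'
[Version]
Signature="$Windows NT$"

[NewRequest]
Subject = "CN={FQDN}"
KeyLength = 2048
KeySpec = 1
MachineKeySet = TRUE
Exportable = FALSE
RequestType = PKCS10

[Extensions]
; Subject Alternative Name carrying the client's DNS name
2.5.29.17 = "{text}"
_continue_ = "dns={FQDN}"
'@ -replace '\{FQDN\}', $ClientFqdn
Set-Content -Path .\da-client.inf -Value $inf -Encoding ASCII
certreq.exe -new .\da-client.inf .\da-client.req
if ($LASTEXITCODE -ne 0) { throw 'certreq -new failed' }

# --- Step 2: on a corporate machine that can reach the CA. ---
# Copy da-client.req there first; only the request leaves the client.
# ($CaConfig and $Template must be defined in this session as above.)
certreq.exe -submit -config $CaConfig -attrib "CertificateTemplate:$Template" `
    .\da-client.req .\da-client.cer
if ($LASTEXITCODE -ne 0) { throw 'certreq -submit failed' }

# --- Step 3: back on the DA client, elevated. Binds the cert to the pending key. ---
certreq.exe -accept -machine .\da-client.cer
if ($LASTEXITCODE -ne 0) { throw 'certreq -accept failed' }

# Confirm the new certificate is in the machine store, unexpired, with its key.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq "CN=$ClientFqdn" -and $_.NotAfter -gt (Get-Date) } |
    Select-Object Subject, NotAfter, HasPrivateKey, Thumbprint
```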

All replies

  • Hi,

    I already faced this problem with a customer of mine who was so happy with DirectAccess that he forgot to perform basic tests before sending computers.

    http://danstoncloud.com/blogs/simplebydesign/archive/2013/04/14/recover-directaccess-clients-with-missing-ipsec-certificate.aspx


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Wednesday, June 5, 2013 7:59 PM