Problem setting up GPO for IPSec + CA/Certificate Auth

Discussion in 'Windows Networking' started by Ewan, Jul 30, 2005.

  1. Ewan

    Ewan Guest


    I'm trying to set up a GPO with settings for IPSEC, so far i've done:
    Install Enterprise Root CA on member server
    create gpo for IPSEC tasks
    create new security policy
    - create "All IP traffic" rule
    -- add Certification authority "method" as the highest preference

    here is the problem: When I select "User a certificate from this
    certification authority (CA) and click Browse, i get the warning:

    "Active Directory does not contain a shared certificate store. When
    configuring Active Directory-based IPSec policy to use certificate
    authentication, you must ensure that each domain memver has an appropriate
    certificate installed"

    How can i create / enable this "shared certificate store" ?

    I tried "selecting a certification authority from the certificate store on
    the local computer" but after the policy is applied i cannot log in to the
    test servers using a domain account

    thanks in advance
    Ewan, Jul 30, 2005
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.