ssaini-0808 asked VickyWang-MFST answered

Computer and User Certificate Auto Enrollment over SSL VPN connection

We are using Microsoft PKI to issue user and computer certificates using autoenrollment to Windows 10 machines. Certificates are issuing perfectly for machines connected on the corporate LAN using wired and wireless connectivity. But certificates are not getting issued for Windows 10 endpoints connected on SSL VPN (working from home). The autoenrollment GPO is linked to the endpoints and applied successfully over the VPN connection; the endpoints also have autoenroll rights on the template.

The VPN gateway is set up in a way that we need to reconnect the VPN once we sign out and sign back in to the computer.

No event has been seen in Event Viewer for updating the local certificate store for any newly issued certificate, and the MMC Personal store is showing blank. Please suggest how to autoenroll certificates for Windows 10 machines connected on an SSL VPN connection.

windows-10-security
VickyWang-MFST answered

Hi,

You are welcome to share your current situation if there are any updates.

Please feel free to let us know if you need further assistance.


Best Regards,
Vicky

VickyWang-MFST answered

Step 1 - Create a security group

To create a security group on Active Directory:

1. On DC1, click Start > Administrative Tools, and then click Server Manager.
2. In the navigation pane, expand Roles, expand Active Directory Domain Services, expand Active Directory Users and Computers, expand contoso.com, right-click Users, click New, and then click Group.
3. In the New Object - Group dialog box, in the Group name text box, type a name for the group. Example: AutoEnrollGroup.
4. Click OK. Leave Server Manager running with the Computers container shown in the results pane.

Step 2 - Create a certificate template to enroll

To create a certificate template:

1. Open the Certificate Templates Console:
   - From the Start menu, click Run.
   - Type certtmpl.msc in the text box and click OK. Certificate Templates Console window appears on the page.
2. Under General tab,
   - Type a Template display name. For example, User Auto Enroll.
   - (Optional) Modify the default Validity Period and Renewal Period as per your requirements.
   - Select Publish certificate in Active Directory check box.

Reference: https://docs.druva.com/Knowledge_Base/inSync/How_To/How_to_set_up_automatic_certificate_enrollment_in_Active_Directory
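
Added example, not part of the thread or of the referenced guide: a client-side check for the three symptoms the question reports (policy applied, no autoenrollment events, empty Personal store), to be run on the Windows 10 endpoint while the SSL VPN is connected. It assumes an elevated PowerShell session for the machine context and a domain-joined client where `USERDNSDOMAIN` is set; the 30-second wait is an arbitrary choice.

```powershell
# Added diagnostic sketch: run on the client with the VPN tunnel up.
$start = Get-Date

# 1. Is the autoenrollment policy present in the registry?
#    AEPolicy is written by the "Certificate Services Client - Auto-Enrollment" GPO setting.
$keys = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\AutoEnrollment',
        'HKCU:\SOFTWARE\Policies\Microsoft\Cryptography\AutoEnrollment'
foreach ($k in $keys) {
    $p = Get-ItemProperty -Path $k -Name AEPolicy -ErrorAction SilentlyContinue
    if ($p) { '{0}: AEPolicy = {1}' -f $k, $p.AEPolicy }
    else    { '{0}: AEPolicy not set' -f $k }
}

# 2. Can the client locate a domain controller through the tunnel?
nltest /dsgetdc:$env:USERDNSDOMAIN

# 3. Refresh Group Policy, then trigger autoenrollment immediately
#    instead of waiting for the next logon or policy refresh.
gpupdate /force
certutil -pulse          # computer certificates (needs elevation)
certutil -user -pulse    # certificates of the account running this session

# 4. Give the autoenrollment task time to run, then read what it logged.
Start-Sleep -Seconds 30
Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-CertificateServicesClient-AutoEnrollment'
    StartTime    = $start
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Format-List

# 5. List what is now in the Personal stores (the view the MMC snap-in shows).
Get-ChildItem Cert:\LocalMachine\My, Cert:\CurrentUser\My |
    Select-Object PSParentPath, Subject, NotAfter, Thumbprint |
    Format-Table -AutoSize
```

If the session is elevated with a different account than the signed-in user, repeat the `certutil -user -pulse` line and the `Cert:\CurrentUser\My` listing in a normal session as that user.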
