A. If you wish to use certification for IP Sec then each machine has to have a client or server authentication certificate installed. These can be obtained from a number of Certificate Authorities (including Microsoft for testing and that is what we will do here) and installed as follows:

  1. Start Internet Explorer
  2. Move to http://sectestca2.rte.microsoft.com/certsrv
  3. Select 'Request a certificate' and click Next
  4. In the request type screen select Advanced request and click Next
  5. Under the advanced screen select 'Submit a certificate request to this CA using a form' and click Next
  6. Enter the details as follows
    - Name
    - Email
    - Select either 'Server Authentication Certificate' or 'Client Authentication Certificate' under Intended use
    - For Key Options set the CSP to 'Microsoft Base Cryptographic Provider v1.0'
    - Under Key Usage select 'Signature'
    - Key size of 1024
    - Check 'Use local machine store'
    Click here to view image
  7. Click Submit
  8. You will be informed to check back in a few days to receive your certificate