A. If you wish to use certification for IP Sec then each machine has to have a client or server authentication certificate installed. These can be obtained from a number of Certificate Authorities (including Microsoft for testing and that is what we will do here) and installed as follows:
- Start Internet Explorer
- Move to http://sectestca2.rte.microsoft.com/certsrv
- Select 'Request a certificate' and click Next
- In the request type screen select Advanced request and click Next
- Under the advanced screen select 'Submit a certificate request to this CA using a form' and click Next
- Enter the details as follows
- Select either 'Server Authentication Certificate' or 'Client Authentication Certificate' under Intended use
- For Key Options set the CSP to 'Microsoft Base Cryptographic Provider v1.0'
- Under Key Usage select 'Signature'
- Key size of 1024
- Check 'Use local machine store'
Click here to view image
- Click Submit
- You will be informed to check back in a few days to receive your certificate