Configure the calling router for certificate-based EAP

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To configure the calling router for certificate-based EAP

  1. Open Routing and Remote Access.

  2. In the console tree, click Network Interfaces.

    Where?

    • Routing and Remote Access/server name/Network Interfaces

  3. In the details pane, right-click the appropriate demand-dial interface, and then click Properties.

  4. On the Security tab, click Advanced (custom settings), and then click Settings.

  5. Under Logon security, click Use Extensible Authentication Protocol (EAP), click Smart card or other certificate (TLS) (encryption enabled), and then click Properties.

  6. In the Smart Card or Other Certificate (TLS) Properties dialog box, click Use a certificate on this computer.

  7. To enable validation of the server certificate, select the Validate server certificate check box, select the Connect to these servers check box, and then type the DNS domain name of the answering router preceded by a period.

  8. In Trusted Root Certification Authorities, click the root certification authority of the answering router, and then click OK.

  9. Click OK to save changes to the security configuration, and then click OK again to save changes to the demand-dial interface.

  10. In the details pane, right-click the demand-dial interface, and then click Set credentials.

  11. In User name on certificate, click the user certificate for this demand-dial connection, and then click OK.

Notes

  • To perform this procedure, you must be a member of the Administrators group. As a security best practice, consider using the Run As command rather than logging on with administrative credentials. If you have logged on with administrative credentials, you can also open Routing and Remote Access by clicking Start, clicking Control Panel, double-clicking Administrative Tools, and then double-clicking Routing and Remote Access. For more information, see Default local groups, Default groups, and Using Run as.

  • If the root certification authority for the answering router does not appear, the root certification authority certificate for the answering router may be in the Personal store rather than the Trusted Root Certification Authorities store.

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also

Concepts

Working with MMC console files
EAP
Deploying certificate-based authentication for demand-dial routing
Business partner demand-dial connection
Branch office demand-dial connection
Configure the answering router for certificate-based EAP
Move a certificate