Windows 2003 Server
Requesting a VPN Client Certificate
If the issuing Jurisdiction is configured to allow end users to select a certificate extension profile, tell them to select the VPN/IPsec profile on the certificate request form.
The end user requests a certificate in the usual way, using a browser.
Issuing a VPN Client Certificate
To issue a VPN client certificate:
1. Click Certificate Operations and view the active requests of the issuing Jurisdiction.
2. Select and vet a request, making sure that the VPN/IPsec certificate extension profile is selected.
The VPN/IPsec profile adds two mandatory extensions to the certificate,Authority Key Identifier and Subject Key Identifier (these values are calculated by Certificate Manager), and two recommended extensions, Extended Key Usage and Key Usage.
Note: VPN client certificates do not require these key usage options. However,RSA recommends that you add them to strictly conform with the Microsoft VPN client certificate.
Extension Must Contain:
Extended Key Usage Client Authentication (1.3.6.1.5.5.7.3.2)
Key Usage Digital Signature
Key Encipherment
Key AgreementCtificate Manager with the Microsoft Windows PKI Admintrator?s Guide
3. Click Issue Certificate.
A series of Client Certificate Extension Values pages opens.
4. Review each page, providing configuration details or values, if needed, and click Next.
Under extKeyUsage, change the extension OID to 1.3.6.1.5.5.7.3.2 for client authentication from 1.3.6.1.5.5.7.3.5 for IPSec end system, which is already specified.
Important: If the Extended Key Usage extension is selected, the OID specified for Extended Key Usage must be 1.3.6.1.5.5.7.3.2 for client authentication.
Related Articles
Remote Access VPN Configuration - Cisco FTD RSA Ready SecurID Access Implementation Guide 49Number of Views Global Protect VPN Authentication Configuration - RSA Ready Implementation Guide 82Number of Views Global Protect VPN Client Side Sample Configuration 69Number of Views Global Protect VPN - LDAP RSA Passcode RSA Ready Implementation Guide 15Number of Views Trying to log in through Altiga VPN using Windows 2000 IPSEC 12Number of Views
Trending Articles
RSA Authentication Manager 8.9 Setup and Configuration Guide How to 'Trust' the RSA Authentication Manager Security Console Self-Signed Root CA certificate and prevent Cert warnings. RSA Authentication Manager 8.9 Release Notes (January 2026) Configure RSA Authentication Manager as a Secure Proxy Server for Cloud Access Service RSA Authentication Manager Upgrade Process