Using a Certificate

This chapter describes how to configure Microsoft Windows to use X.509 certificates for IPsec authentication. The configuration is done in two steps: importing the certificate and configuring the Windows connection.

Importing a Certificate into Windows 7

  1. Start the management console.

    • In Windows Vista or 7, click Start, then, in the Search field, enter mmc.

      The program mmc is displayed in the Programs list.

      Click the mmc entry.

      Depending on your settings, you need to confirm with Yes or Continue. The management console opens.

    • In Windows XP, click Start > Run. Enter mmc and click OK.

  2. From the menu, select File > Add/Remove Snap-in.

  3. Click Add.

  4. Select Certificates, then click Add.

  5. Select Computer account, then click Next.

  6. Select Local computer (the computer this console is running on).

  7. Click Finish, then Close, and then OK.

  8. In the tree view on the left side, in the category Certificates (Local Computer), right-click Personal.

  9. From the context menu select All Tasks > Import.

    The Certificate Import Wizard opens.

  10. Click Next.

  11. Select Browse and select the PKCS#12 container file to import.

    You might have to select the file extension .p12 in the drop-down list for the PKCS#12 container files to be displayed.

  12. Click Next.

  13. Enter the security password.

    Enter the security password of the certificate that you used while downloading the certificate from the User Portal.

  14. Click Next.

  15. Select Automatically select the certificate store based on the type of certificate.

  16. Click Next and then Finish.

  17. Select Action > Refresh.

    Now, the newly imported certificate should be visible.

  18. Close the management console.

    If asked whether you want to save anything, you don’t need to.

  19. Move the CA certificate to the root CA folder, if necessary.
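
To check the result of the import from an elevated PowerShell prompt, the following added example (not part of the original documentation) lists each certificate in the computer's Personal store that has a private key and reports whether its chain ends at a CA in the computer's Trusted Root store, which is what step 19 is about. It assumes revocation checking can be skipped for this check.

```powershell
# Added example: verify the certificate import on the local computer.
# Run PowerShell as administrator so the computer stores are readable.

# Certificates (Local Computer) > Personal, limited to entries with a private key
$certs = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.HasPrivateKey })
if ($certs.Count -eq 0) {
    Write-Warning 'No certificate with a private key found in Certificates (Local Computer) > Personal.'
}

foreach ($cert in $certs) {
    # $true = build the chain in the machine context, matching the store used for the import
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)
    # Assumption: skip revocation lookups so the check also works without network access
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $chainOk = $chain.Build($cert)

    # The last chain element is the topmost certificate Windows could find
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    $inRoot = @(Get-ChildItem Cert:\LocalMachine\Root |
        Where-Object { $_.Thumbprint -eq $top.Thumbprint }).Count -gt 0

    # Collect chain problems such as PartialChain or UntrustedRoot
    $problems = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

    New-Object PSObject -Property @{
        Subject       = $cert.Subject
        Issuer        = $cert.Issuer
        NotAfter      = $cert.NotAfter
        Expired       = ($cert.NotAfter -lt (Get-Date))
        ChainValid    = $chainOk
        TopOfChain    = $top.Subject
        CAInRootStore = $inRoot
        ChainProblems = $problems
    } | Select-Object Subject, Issuer, NotAfter, Expired, ChainValid,
                      TopOfChain, CAInRootStore, ChainProblems | Format-List
}
```

If CAInRootStore is False or ChainProblems shows PartialChain or UntrustedRoot, the CA certificate from the PKCS#12 container is not yet in Trusted Root Certification Authorities and step 19 applies.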

Configure Windows 7

  1. Click Start and then Control Panel.

  2. In the Control Panel, click Network and Internet, then Network and Sharing Center.

  3. Click Set up a new connection or network.

    The Set up a Connection or Network assistant opens.

  4. Click Connect to a workplace and Next.

  5. Define the dial-up internet connection.

    If you have a permanent connection to the internet, select the Use my internet connection (VPN) option. Otherwise, click Dial directly, and then select your dial-up internet connection from the list.

  6. Click Next.

  7. Enter the hostname or the IP address of the gateway you want to connect to.

  8. Enter a descriptive name for the connection.

  9. Optional: Select the following options if required:

    Allow other people to use this connection: Select this option if you want the connection to be available to anyone who signs in to the client.

    Don't connect now; just set it up so I can connect later: Select this option if you want to use the connection later.

  10. Click Next.

  11. Enter the user credentials.

    Enter the User name and Password (Remote User Account).

  12. Click Create.

    The assistant closes.

  13. In the Network and Sharing Center, click Connect to a network.

    A list of the available network connections opens.

  14. Right-click the new connection and select Properties.

    The Connection Properties dialog box opens.

  15. Select the Security tab.

  16. In the Type of VPN section select Layer 2 Tunneling Protocol with IPsec (L2TP/IPsec).

  17. Set the Data encryption option to Optional encryption (connect even if no encryption).

To close the dialog box, click OK.

Now you can directly establish the connection in the sign-in window.