IPSec on Win2k/WinXP: per-user-certificates possible?
Hi,

I have a little problem with understanding how Windows manages certificates. I have a freeswan-server (suse 8.2) running and multiple Win2k/WinXP roadwarriors. In Windows the certificates are located in "local computer", so every user at this machine can establish an IPsec connection with this certificate.

My questions:
- How can I install the certificates per-user?
- If more than one certificate is installed on one machine, how can I ensure that only a specific cert is used for every user?

thx,
andy
* Andreas Thierer wrote on Wed, Jul 23, 2003 at 16:37 +0200:
> I have a freeswan-server (suse 8.2) running and multiple Win2k/WinXP roadwarriors.
> My questions:
> - How can I install the certificates per-user?
Having certificates for network-level, system-wide IPSec per-user? Does this make sense?
> - If more than one certificate is installed on one machine, how can I ensure that only a specific cert is used for every user?
I think, via IP/IPSec you can identify hosts but not who opened a socket on some port. A user could start a client on some port and make it wait until some other user establishes "his" SA, I think. Application-level authentication is often better to identify users, I guess.

oki,

Steffen

--
This letter was generated by machine and therefore bears neither signature nor seal.
participants (2): Andreas Thierer, Steffen Dettmer