
This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

FireBrick IPsec (Road Warrior Howto): Difference between revisions

The Windows certificate manager should now be started up as follows:
 
* Using a command window, or the Start|Run box, execute the command <tt>mmc</tt> (and answer Yes when asked if you want to allow changes).
* Select Add/Remove Snap-in from the File menu, choose the Certificates snap-in and add it to selected snap-ins.
* A dialog will ask if you want to manage certificates for the user account, a service account or computer account. You must select <tt>Computer Account</tt> here in order to manage the system certificates. If you do not select this, or you start up the certificate manager in some other way (eg using <tt>certmgr.msc</tt>), you will not be able to install the certificate system-wide, and the Windows IPsec subsystem will not find it.
* Another dialog will ask which computer to manage. Choose <tt>Local computer</tt>.
* Finally click on <tt>OK</tt> to start the certificate manager snap-in.
 
To install the certificate:
* Double-click on <tt>Certificates (Local Computer)</tt> in the left pane, to open the certificate store names, and then right-click on <tt>Trusted Root Certification Authorities</tt> in the centre pane.
* Select <tt>All Tasks</tt> and then <tt>Import...</tt>
* Click <tt>Next</tt> and browse to where you saved the CA .crt file.
* Click <tt>Next</tt> again, and check that the certificate will be placed in the trusted root store.
* Click <tt>Next</tt> again, and then <tt>Finish</tt>.
 
There - wasn't that easy! Thank you Microsoft.
Now you need to set up the IPsec network connection details.
 
* Go to Control Panel and select <tt>Set up a new connection or network</tt>.
* Select <tt>Connect to a Network</tt> and choose <tt>Connect to a Workplace</tt>.
* Click <tt>Next</tt>, select <tt>No, create a new connection</tt>, <tt>Next</tt>
* Choose <tt>Use my Internet connection</tt>
* Insert the server name (eg <tt>server.example.com</tt>), and choose whatever you like to name the connection (Destination name).
* Select <tt>Don't connect now; ...</tt>
* You don't need to enter User name and password as it will ask again later
* Click on <tt>Create</tt> and then <tt>Close</tt> (Don't connect yet!)
* Back at the Network and Sharing Center dialog, select <tt>Connect to a network</tt>
* Right-click the connection you have just created in the pop-up box and select <tt>Properties</tt>
* Select the <tt>Security</tt> tab, and change the Type of VPN to IKEv2.
* EAP-MSCHAPv2 should already be selected.
* Click <tt>OK</tt>
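
The same certificate import and connection setup scripted in PowerShell, as an added example that is not part of the original howto. The file path, connection name and the thumbprint comparison before trusting the CA are assumptions added here; <tt>server.example.com</tt> is the example name used above.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the GUI steps on this page.
# Assumed values (not from the page): $CaFile, $ExpectedThumbprint, $ConnName.
$CaFile             = 'C:\Temp\firebrick-ca.crt'       # hypothetical path to the saved CA .crt
$ExpectedThumbprint = '<SHA1-THUMBPRINT-PLACEHOLDER>'  # obtained out of band from the CA's owner
$ServerName         = 'server.example.com'             # example server name from this page
$ConnName           = 'FireBrick IKEv2'                # hypothetical Destination name

$ErrorActionPreference = 'Stop'

# Parse the file without installing it, and refuse to trust an unexpected CA.
$ca = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CaFile
$expected = ($ExpectedThumbprint -replace '[\s:]', '').ToUpper()
if ($ca.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: file has $($ca.Thumbprint), expected $expected"
}

# Import into the Local Computer store (the "Computer Account" choice in mmc).
# A per-user import would not be found by the Windows IPsec subsystem.
Import-Certificate -FilePath $CaFile -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null
if (-not (Test-Path "Cert:\LocalMachine\Root\$($ca.Thumbprint)")) {
    throw 'CA certificate is not in the Local Computer trusted root store'
}

# Create the connection only if it does not already exist.
if (-not (Get-VpnConnection -Name $ConnName -ErrorAction SilentlyContinue)) {
    # New-EapConfiguration with no arguments yields the default EAP-MSCHAPv2 settings.
    $eap = New-EapConfiguration
    Add-VpnConnection -Name $ConnName -ServerAddress $ServerName `
        -TunnelType Ikev2 -AuthenticationMethod Eap `
        -EapConfigXmlStream $eap.EapConfigXmlStream
}

# Confirm the settings match what the Security tab should show.
$vpn = Get-VpnConnection -Name $ConnName
if ($vpn.TunnelType -ne 'Ikev2' -or $vpn.AuthenticationMethod -notcontains 'Eap') {
    throw "Connection '$ConnName' is not IKEv2 with EAP: $($vpn.TunnelType) / $($vpn.AuthenticationMethod)"
}
$vpn | Format-List Name, ServerAddress, TunnelType, AuthenticationMethod
```

As in the GUI steps, no user name or password is stored; Windows asks for them when the connection is first used.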
 
You should now be ready to connect - select <tt>Connect to a network</tt> again, click