我的理解是,用作身份验证一部分的证书必须来自 Active Directory 证书服务,并且无法从任何其他来源获取它(我承认不会太努力地弄清楚是否可能,我正在研究另一个 VPN 相关项目的 SSTP)
将 2008 服务器设置为独立的 AD 控制器可以解决这个问题; 客户端系统不需要位于域中。
My understanding is that the certificate used as part of the authentication hasto come from Active Directory Certificate Services, and there is no way to get it from any other source (I'll admit to not trying too hard to figure out if it was possible, I was investigating SSTP for another VPN related project)
Setting up the 2008 server as a standalone AD controller would get around the issue; the client systems don't need to be in the domain.
you connect with host address for sstp. you can use standard web certificate from any ssl cert provider. that host address need to resolve to your vpn server.
发布评论
评论(2)
我的理解是,用作身份验证一部分的证书必须来自 Active Directory 证书服务,并且无法从任何其他来源获取它(我承认不会太努力地弄清楚是否可能,我正在研究另一个 VPN 相关项目的 SSTP)
将 2008 服务器设置为独立的 AD 控制器可以解决这个问题; 客户端系统不需要位于域中。
My understanding is that the certificate used as part of the authentication hasto come from Active Directory Certificate Services, and there is no way to get it from any other source (I'll admit to not trying too hard to figure out if it was possible, I was investigating SSTP for another VPN related project)
Setting up the 2008 server as a standalone AD controller would get around the issue; the client systems don't need to be in the domain.
您使用 sstp 的主机地址进行连接。 您可以使用任何 ssl 证书提供商提供的标准 Web 证书。 该主机地址需要解析为您的 VPN 服务器。
分步指南
http:// www.windowsecurity.com/articles/Configuring-Windows-Server-2008-Remote-Access-SSL-VPN-Server-Part2.html
you connect with host address for sstp. you can use standard web certificate from any ssl cert provider. that host address need to resolve to your vpn server.
step-by-step guide
http://www.windowsecurity.com/articles/Configuring-Windows-Server-2008-Remote-Access-SSL-VPN-Server-Part2.html