Setting up CA for VPN AD Sync

GB7111
New here


We want the ability to integrate Meraki with our AD so users can authenticate through VPN with their AD passwords. Looking at some of the Meraki-provided instructions, I can only find documentation for installing a self-signed certificate. There is a warning in the instructions that it's not recommended to install a self-signed cert in production. A CA is a more secure choice. However, I can't find any instructions on doing it through a CA.

I've installed the CA role on our DC and am ready to finish setup and create a cert. Are there any instructions on doing this? I started to walk through it but it starts asking questions on the type of hash, etc., and I'm not sure what will be compatible with Meraki.

Thanks

ErikDavis
Just browsing

Did you set up your certificate template to support this? https://documentation.meraki.com/zGeneral_Administration/Other_Topics/Certificate_Requirements_for_T...
Index=default | eval be = if(do = ”good” , ”great” , ”nothing”)
PhilipDAth
Kind of a big deal

On each AD server:

Start/Run

Type in "mmc" and hit return

File/Add-Remove Snap In/Certificates/Add/Computer Account

Next/Finish/OK

Expand Certificates/Personal/Certificates

Right click on "Certificates", All Tasks, Request New Certificate, Next

If you have deployed a CA you should be able to choose "Active Directory Enrolment Policy".

Click Next.  Select all the options available.

Click Enroll and you are about done.

 

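A read-only check for the result of the enrollment steps in the reply above, added here as an example and not part of any post in this thread. It lists the certificates in the Local Computer Personal store of a domain controller and flags the ones that are self-issued, lack a private key, are outside their validity period, do not list the Server Authentication EKU, or do not carry the server's FQDN. These checks are general TLS server certificate requirements and are assumptions here; compare the reported values, including the signature algorithm, with the Meraki requirements page linked in the thread.

```powershell
# Added example: audit Cert:\LocalMachine\My on a domain controller (read-only).
# Assumption: the checks are general TLS server certificate requirements,
# not a list taken from the Meraki documentation.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$now  = Get-Date

Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_
    $problems = @()

    # Subject equal to Issuer means self-signed. If the CA role runs on this
    # server, the CA's own root certificate also shows up here as self-issued.
    if ($cert.Subject -eq $cert.Issuer) { $problems += 'self-issued' }

    if (-not $cert.HasPrivateKey) { $problems += 'no private key' }

    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        $problems += 'outside validity period'
    }

    # A certificate with no EKU extension at all is also reported for review.
    $hasServerAuth = [bool]($cert.EnhancedKeyUsageList |
        Where-Object { $_.ObjectId -eq $serverAuthOid })
    if (-not $hasServerAuth) { $problems += 'Server Authentication EKU not listed' }

    # The name clients connect to should appear in the subject or SAN.
    $hasFqdn = [bool]($cert.DnsNameList | Where-Object { $_.Unicode -eq $fqdn })
    if (-not $hasFqdn) { $problems += "FQDN $fqdn not in certificate names" }

    [pscustomobject]@{
        Subject    = $cert.Subject
        Issuer     = $cert.Issuer
        NotAfter   = $cert.NotAfter
        Signature  = $cert.SignatureAlgorithm.FriendlyName
        Thumbprint = $cert.Thumbprint
        Status     = if ($problems.Count -eq 0) { 'OK' } else { $problems -join '; ' }
    }
} | Format-List
```

Run it in an elevated PowerShell session on each AD server after enrolling; a CA-issued certificate should show the CA's name under Issuer and a Status of OK.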