Setting up CA for VPN AD Sync

GB7111 · ‎09-28-2017

We want the ability to integrate meraki with our AD so users can authenticate through VPN with their AD passwords. Looking at some of the Meraki provided instructions, I can only find documentation for installing a self signed certificate. There is a warning in the instructions that it's not recommended to install a self-signed cert in production. A CA is a more secure choice. However, I can't find any instructions on doing it through a CA.

I've installed the CA role on our DC and am ready to finish setup and create a cert. Are there any instructions on doing this? I started to walk through it but it starts asking questions on the type of hash, etc and I'm not sure what will be compatible with meraki.

thanks

ErikDavis · ‎09-28-2017

did you setup your certificate template to support this? https://documentation.meraki.com/zGeneral_Administration/Other_Topics/Certificate_Requirements_for_T...

Index=default | eval be = if(do = ”good” , ”great” , ”nothing”)

PhilipDAth · ‎09-28-2017

On each AD server:

Start/Run

Type in "mmc" and hit return

File/Add-Remove Snap In/Certficates/Add/Computer Account

Next/Finish/OK

Expand Certificates/Personal/Certificates

Right click on "Certificates", All Tasks, Request New Certificate, Next

If you have deployed a CA you should be able to choose "Active Directory Enrolment Policy".

Click Next. Select all the options available.

Click Enroll and you are about done.

MijanurRahman · ‎09-29-2017

Kudos for your post @PhilipDAth !