VPN Client 3.x or 4.x and Certification Store

STEFAN KLUEPPEL · ‎08-19-2003

Hello,

we want to use SCEP for Cert-Rollout between our

clients (VPN) and the CA-Server.

So far, this thing works fine.

The Cert is stored in CiscoStore (locally on HDD).

So now we want to use an Aladdin USB eTokenPro and

export/move the Cert from Cisco Store to Microsoft Store, cause Aladdin cannot read CiscoStore but

MicrosoftStore.

Is it possible to choose/change the default CertStore on the VPNclient in certain config/ini-files ?

or

to export the cert into Microsoft-store.

Still we would like to further use SCEP for

rollout, but we need to get the Token involved,

without let the user do the certimport manually.

TIA,

Stefan

mostiguy · ‎08-19-2003

You might need to script creation of .pcf files - look in the profiles subdirectory of your vpn client install. Certs look like the require work, whereas it is dead simple to automate a non cert deployment (I am rolling out the latest 3.6 client in msi format, along with .ini and .pcf files via active directory software publishing at a side project = no user config whatsover).

What I would recommend is setting up a test workstation, configuring it exactly as you would like, and then look at how the settings in the .pcf file end up. I don't know how the vpn client will treat a cert that is not on a local drive - especially if you use removable drives, there might not be any way for you to guarantee that all of your users will have the usb drive show up as the same drive letter.

Best of luck,

matt