Hello,
I must be missing something obvious here. I'm trying to implement a PKI system for secure login where I can use my internal CA to issue certificate to users. Certificates that can then be used to log into the network (they are stored in crypto tokens) but also to establish IPSec tunnel through the firewall.
I have followed the guide called "RoadWarrior/PPTP" but there is someting I don't understand: what is that stuff about having to assign user certificates to PPTP connections ? I though the whole point about using PKI was that you didn't have to distribute all the certificates and keys to every device that must authenticate a user, only the certs that where authorized to sign other certs (and grant access to the service).
What I want to do is upload the root and intermediat CA certifcate to the server and have it accept every cert that has a valid signature and that doesn't appears in the CRL (automatically checked).
What am I missing ?
Thanks
This thread was automatically locked due to age.