How Certificates Secure Communications

Web server applications can be secured using Secure Sockets Layer (SSL). Although Web server MCSE 2003 can provide server authentication to clients and securely share keys for encrypting communications between clients and a server, SSL client-side certificates provide more comprehensive security for extranets. By giving client computers certificates, you allow clients to authenticate to servers. This arrangement is even defined by some as a type of VPN connection.
VPN protocols and authentication choices for remote access services based VPNs, as discussed in previous lessons of this chapter, also require certificates for computer and user authentication.
Use RADIUS for central authentication, authorization, and accounting for VPNs when multiple RRAS servers are required.
If the system is configured for RADIUS authentication and accounting, the log files will be on the RADIUS server. You can find the log in the System root\system32\logfiles folder. Authentication will still be recorded in the MCSE Exams Windows event log.
Use the IP packet filters interface of the VPN connection and do not, when remote access policies are used, use the settings in the profile of the policy. The profile-based settings do not apply in a site-to-site configuration.
A copy of the root CA certificate that is required is added to the certificate store of the Web server or of the VPN router. This might be the best solution when the number of certificates required is small. Perhaps trust of one external organization's certificate hierarchy is required on one Web server. Perhaps the number of VPN routers that require certificates is small for example, one VPN router connection with one other company is all that is needed. However, this solution does not scale well. As the number of VPN routers that must be configured with additional MCITP Enterprise Administrator increases, the time needed to configure them and maintain the certificates can be unmanageable.