I've been trying to get this to work for a week now.
I've got a Windows 2003 Standard server, with a Standalone CA configured on it.
I'd like to assign IPSec SSL certificates to non-domain client computers and servers, then make an IPSec rule that basically states that any traffic from that network and its machines to this one needs to be authenticated and encrypted.
I can request the cert from a client machine, and it's showing up in the Local Machine's Personal > Certificate store, but it's not allowing me to assign it as an IPSec authentication method, I am guessing because the client does not think it's a valid CA. That's where I seem to be stuck. If I copy the certificate to the trusted root on both machines, I can select it for use in IPSec, but when the policies are assigned, IKE negotiation fails, citing a bad certificate.
I must have read a dozen ways to do this and tried them all, and all get stuck at this point. I know it's pertaining to the SSLs, as I have done exactly what I need with IPSec using preshared keys, and it does work, and I verified with network monitor that the packets are all getting AES encrypted.
Hopefully there is a simple step here I am just missing, any help is very appreciated.
Thanks,