Score:0

Renewing domain CA SSL/SSTP Certificate from non-domain Clients

WSC

I have a VPN setup using RRAS/SSTP to authenticate clients. However, some of the clients are connecting via personal computers which are not joined to the domain. Initial setup was done by manually remoting in to every client via TeamViewer and installing the necessary certificates. However, now the client cert is expiring and I'd like to find a way to streamline the renewal process so that I don't have to remote into every computer and so an average user can complete the process with a few clicks.

So far, it seems like this is a nearly impossible task. If the computers were domain joined, there are a few options to renew the cert automatically. But I am hitting roadblocks getting non-domain PCs to renew the cert via any method apart from manual intervention by me (getting average users to navigate through mmc/certmgr is not viable). Is there any way to make this work via some sort of renewal request or another tool?

CA is Windows Server 2012 R2, clients are all Windows 10, cert needing renewal is a Client Authentication type created using the Domain Controller Authentication template.
