Overview

While trying to connect via VPN using the user's SSL certificate, a specific procedure needs to be applied.

This article provides a step-by-step procedure on how to configure IPSec VPN using an SSL certificate in Windows 10 environment.

Important: As an alternative method for VPN connection, you can use pre-shared key (PSK) authentication. For more information, please refer to Configuring IPsec VPN using a native Windows client.

Solution

Export Kerio Control certificate

1. In Kerio Control administration > Interfaces, double-click VPN server to verify the SSL certificate name. Also, enable 'Use certificate for clients'.
   
2. In the SSL certificates section, export the certificate in PKCS#12 format.
   
3. Specify the password. Do NOT use any national characters. Check Include all certificates in the certification path if possible.
   
4. Click Export to save the certificate locally. Transfer the file to Windows PC that needs an IPSec VPN connection.

Import certificate into Windows

1. Double-click on the Certificate.p12 file to initiate Import wizard. Choose the Local Machine option.
   
   
2. Click Next and OK to confirm the Admin system change.
   
3. Specify the file name path.
   
   
4. Enter the password that was specified while exporting the certificate from Kerio Control Webadmin.
   
   
5. Click Browse and choose Trusted Root Certification Authorities as the Certificate store location.
   
   
6. Verify the settings and click Finish. Click OK once you see the "Successfully imported" window.
   
   

Configure Windows native VPN settings

1. Open Windows VPN settings. Click Add a VPN connection.
2. Specify:
   your Kerio Control IP address (public if connecting from remote location)
   VPN type: LT2P/IPsec with certificate
   Type of sign-in info: user name and password
   Enter your Kerio Control user name and password
   
   
3. Click Save.

Testing

Click Connect to establish a VPN connection.

The status will appear as Connected.