Overview
While trying to connect via VPN using the user's SSL certificate, a specific procedure needs to be applied.
This article provides a step-by-step procedure on how to configure IPSec VPN using an SSL certificate in Windows 10 environment.
Important: As an alternative method for VPN connection, you can use pre-shared key (PSK) authentication. For more information, please refer to Configuring IPsec VPN using a native Windows client.
Solution
Export Kerio Control certificate
- In Kerio Control administration > Interfaces, double-click VPN server to verify the SSL certificate name. Also, enable 'Use certificate for clients'.
- In the SSL certificates section, export the certificate in PKCS#12 format.
- Specify the password. Do NOT use any national characters. Check Include all certificates in the certification path if possible.
- Click Export to save the certificate locally. Transfer the file to Windows PC that needs an IPSec VPN connection.
Import certificate into Windows
- Double-click on the Certificate.p12 file to initiate Import wizard. Choose the Local Machine option.
- Click Next and OK to confirm the Admin system change.
- Specify the file name path.
- Enter the password that was specified while exporting the certificate from Kerio Control Webadmin.
- Click Browse and choose Trusted Root Certification Authorities as the Certificate store location.
- Verify the settings and click Finish. Click OK once you see the "Successfully imported" window.
Configure Windows native VPN settings
- Open Windows VPN settings. Click Add a VPN connection.
- Specify:
your Kerio Control IP address (public if connecting from remote location)
VPN type: LT2P/IPsec with certificate
Type of sign-in info: user name and password
Enter your Kerio Control user name and password - Click Save.
Testing
Click Connect to establish a VPN connection.
The status will appear as Connected.