Elastic Cloud Gate

AWS Blog

How to setup RRAS SSTP VPN on AWS VPC with Active Directory Authentication – Step by Step – Part 5

In this article we explain, step by step, how to set up a Windows RRAS SSTP VPN on an AWS VPC with Active Directory authentication.

Part 1 – Setup VPC
Part 2 – Launch EC2 Instance for Active Directory Server and RRAS Server
Part 3 – Setup Active Directory / Domain Controller
Part 4 – Setup RRAS
Part 5 – Configure Active Directory Certificate Service
Part 6 – Configure RRAS
Part 7 – Adjust VPC Configuration
Part 8 – User Computer Configuration

Part 5 – Configure Active Directory Certificate Service

(The original post illustrates each step below with a screenshot titled "Active Directory Certificate Services".)

1. Log in again using your domain credentials.
2. Open Server Manager and click Add roles and features.
3. Click Next, Next, Next.
4. Select Active Directory Certificate Services.
5. In the new popup window, click Add Features.
6. Click Next, Next, Next.
7. Select Certification Authority and Certification Authority Web Enrollment.
8. In the new popup window, click Add Features.
9. Click Next, Next, Install.
10. When the installation finishes, click Close.
11. From the Server Manager notification, click Configure Active Directory Certificate Services.
12. Click Next, check Certification Authority, click Next.
13. Select Enterprise CA, click Next.
14. Select Root CA, click Next.
15. Select Create a new private key, click Next.
16. For better security you can select SHA512, click Next.
17. You may change the common name, e.g. MyDomainCA, click Next.
18. Change the validity period to 25 years (this is not necessary), click Next.
19. Click Next and then Configure.
20. Click Close; when prompted to configure additional role services, click Yes.
21. Click Next, select Certification Authority Web Enrollment, click Next.
22. Click Configure.
23. Click Close.
24. Open the Microsoft Management Console (mmc).
25. From the File menu select Add/Remove Snap-in.
26. Select Certification Authority, click Add.
27. Select Local computer, click Finish, click OK.
28. Go to Certificate Templates, right-click it and select Manage.
29. Right-click IPSec and select Duplicate Template.
30. Go to the General tab and change the name to SSTP-VPN.
31. Go to the Request Handling tab and check Allow private key to be exported.
32. Go to the Subject Name tab and select Supply in the request (ignore the Windows warning).
33. Go to the Extensions tab, select Application Policies, click Edit.
34. Click Add, select Server Authentication, click OK, OK.
35. Click Apply, OK, and close the Certificate Templates console.
36. Right-click Certificate Templates -> New -> Certificate Template to Issue.
37. Select SSTP-VPN, click OK.
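The same role installation, CA configuration and template publishing, as an added PowerShell example that is not part of the original post. It assumes an elevated session on the server from Part 4, run as a domain account that is an Enterprise Admin, and reuses the walkthrough's values (SHA512, MyDomainCA, 25 years); the key length is not set in the walkthrough, so the wizard default of 2048 is assumed.

```powershell
# Added example, not from the original post. Assumes an elevated PowerShell
# session on the RRAS/CA server, run as an Enterprise Admin of the domain.
# Values match the walkthrough: SHA512, common name MyDomainCA, 25 years.

# Steps 2-10: install the Certification Authority and Web Enrollment role services
Install-WindowsFeature -Name ADCS-Cert-Authority, ADCS-Web-Enrollment -IncludeManagementTools

# Steps 11-19: configure an Enterprise Root CA with a new RSA key
# (2048-bit is the wizard default; the walkthrough does not set a length)
Install-AdcsCertificationAuthority `
    -CAType EnterpriseRootCA `
    -CryptoProviderName 'RSA#Microsoft Software Key Storage Provider' `
    -KeyLength 2048 `
    -HashAlgorithmName SHA512 `
    -CACommonName 'MyDomainCA' `
    -ValidityPeriod Years -ValidityPeriodUnits 25 `
    -Force

# Steps 20-23: configure Web Enrollment (the CA must exist first)
Install-AdcsWebEnrollment -Force

# Steps 28-35 (duplicating IPSec into the SSTP-VPN template) have no built-in
# cmdlet; create the template in the Certificate Templates console as described.
# Recommendation not in the original post: because the template uses
# "Supply in the request", limit its Enroll permission (Security tab) to the
# RRAS server's computer account, so only that host can request a certificate
# with an arbitrary subject name.

# Steps 36-37: publish the duplicated template so this CA will issue it
Add-CATemplate -Name 'SSTP-VPN' -Force

# Check: the CA answers, and SSTP-VPN is among the templates it issues
certutil -cainfo name
Get-CATemplate | Where-Object Name -eq 'SSTP-VPN'
```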
