1
00:00:01,940 --> 00:00:04,030
So let's move onto the next demonstration.

2
00:00:04,030 --> 00:00:06,640
Let's create a test VPN connection.

3
00:00:06,640 --> 00:00:10,080
So this is a Windows 10 test client that I have provisioned.

4
00:00:10,080 --> 00:00:12,370
It is joined to my domain,

5
00:00:12,370 --> 00:00:15,440
and it should've already picked up all of the certificates

6
00:00:15,440 --> 00:00:19,150
because I've added it to the VPN device group and my user is

7
00:00:19,150 --> 00:00:21,310
a member of the VPN users group.

8
00:00:21,310 --> 00:00:24,090
So let's validate before we proceed any further that we

9
00:00:24,090 --> 00:00:25,950
have all of our certificates in place.

10
00:00:25,950 --> 00:00:26,710
And to do that,

11
00:00:26,710 --> 00:00:29,820
I'm going to first open up the Local Computer Certificates

12
00:00:29,820 --> 00:00:32,590
store and check on the device certificate,

13
00:00:32,590 --> 00:00:41,540
and we'll do that by just launching certlm.msc.

14
00:00:41,540 --> 00:00:45,510
And I'll expand the Certificates store and the Personal store,

15
00:00:45,510 --> 00:00:51,720
and you should see a certificate from the VPN Devices certificate template,

16
00:00:51,720 --> 00:00:53,820
and everything looks good.

17
00:00:53,820 --> 00:00:57,030
So it's issued by my PKI, has a private key.

18
00:00:57,030 --> 00:01:00,940
Everything looks fantastic.

19
00:01:00,940 --> 00:01:04,880
So let's validate that our user certificate is also in place.

20
00:01:04,880 --> 00:01:05,790
And for that,

21
00:01:05,790 --> 00:01:08,730
I'm going to run sort of a similar command, and this one is,

22
00:01:08,730 --> 00:01:12,640
instead of certlm, which is cert local machine,

23
00:01:12,640 --> 00:01:16,640
this is cert manager, or certmgr.msc, and it's used for

24
00:01:16,640 --> 00:01:23,640
finding user authentication certificates.

25
00:01:23,640 --> 00:01:29,040
Once again, expand the Personal store, and indeed I have a user

26
00:01:29,040 --> 00:01:33,480
authentication certificate issued to this particular user, so I

27
00:01:33,480 --> 00:01:34,770
should have everything in place.

28
00:01:34,770 --> 00:01:37,150
So I have both of my certificates,

29
00:01:37,150 --> 00:01:45,000
my device certificate and my user certificate, so we can proceed with creating the test profile.