First some background.
First issue: I'm wanting to establish certificate-driven, IPSec-based authentication and access on my local LAN. Participants are mainly Windows XP machines (including some laptops via wireless access points which started this process) and a SUSE Linux webserver. The current Windows 2000 server will have Group Policies implemented restricting access to authenticated domain members. (Obviously, the webserver will be excluded from some of these policies.) Essentially, access to the domain and the domain server should be restricted to known machines.
What also needs to occur is that these same known machines require internet access via a Cisco 800 series router (thus the same IPsec policies on the domain need to be applied as authentication-only policies on the router). Incoming traffic (as distinct from return traffic) needs to be allowed to the webserver.
Second issue is that I wish the Linux webserver to be able to distribute subordinate certificates to web clients.
Started to look at the planning for this and my brain started to hurt.
Anyone tried this and can share some gotchas, do's and don'ts?
Regards,
Brett Davidson