using personal signatures for remote authentication

[richlm]

I have a personal signature from a national authority which I can use to
sign e-mail etc.

As a software consultant I run my own web+exchange 2003 server (actually
SBS2003) and often want to use e.g. OWA, remote desktop and maybe even VPN
from remote sites.

I would like to implement more security than just username/password, and a
neat solution would be to utilize my personal certificate, which I could
install on the computer I use at the client site.

Can someone refer me to articles on how to do this? Not using smart cards
but where the cert is installed on a client PC.

[S. Pidgorny <MVP>]

Your e-mail signing certificate doesn't have right attributes to be used as
the client authentication certificate - you'll need another certificate to
log on to Web servers etc.

Other than that, here's how to enable IIS certificate authentication:

http://www.microsoft.com/windows2000/techinfo/planning/security/mappingcerts.asp

That works with "soft" (e.g. - non-smart card) certificates.

Windows login with soft certs isn't possible - you must authenticate to get
access to protected storage. Should work with VPN, but again - you need a
client authentication cert, not e-mail cert.

regards

S.