DirectAccess has the ability to utilize certificates in a couple of different ways. Depending on how you configure DA, there are different places that certificates may or may not be used, but one common variable in all DirectAccess implementations is IP-HTTPS. This is a transition technology that is always enabled on a DA server, and it requires an SSL certificate to work properly. IP-HTTPS traffic comes in from the Internet, and so I always recommend that the SSL certificate used for the IP-HTTPS listener should be one purchased from a public CA entity.

As with any SSL certificate, they are only valid for a certain time period. Typically, these certificates are purchased on a one-, two-, or three-year basis. This means that eventually, you will have to renew that certificate and figure out how to make DirectAccess recognize and utilize the new one. IP-HTTPS makes use of a web listener inside IIS, and so it is a natural assumption that, when you...