When deploying URA with a full PKI, you are going to require several certificates:
A certificate for each client computer, which has an intended purpose of Client and Server authentication
A certificate for the URA server (for IPsec authentication), which also has an intended purpose of Client and Server authentication
A certificate for the IP-HTTPS connection, which has the intended purpose of Web server or server authentication
A certificate for the Network Location Server (NLS), which also has the intended purpose of Web server or server authentication
A Trusted Root CA cert to issue the client certificates presented by clients
The client certificates are often the most challenging, because you need to set up a certificate authority server in your domain, and then create and deploy a certificate to each and every computer that will be connecting to URA. Luckily, active directory offers Auto-Enrollment, which will take care of this automatically, so once you've...