Can't get my SSTP VPN to works due to a certificate issue
It sounds like you've installed the certificate in the wrong store, you should try manually putting it in Trusted Root Certificate Authorities
on the client machine.
Take these steps on the client machine: MMC > Add 'Certificates' snap-in for local computer > Trusted Root Certificate Authorities > Import the certificate here.
Related videos on Youtube
Kedare
Network Operations Engineer, Site Reliability Engineer, DevOps, Geek :)
Updated on September 17, 2022Comments
-
Kedare over 1 year
I am trying to create a SSTP VPN on my Windows Server 2008 R2, I installed the Network Policies and Access Service, and the AD Certificate Autority service,
I create my root certificate and generated a Server authentication certificate (named with the FQDN of the server), validated it and installed it on the server, I also have installed the CA authority certificate on the client that I need to connect, but when I try to connect, I get this error
Could not build a certificate chain for CA certificate 0 for xxx.netyxia.net-DC-CA. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. 0x800b0109 (-2146762487).
(xxx.netyxia.net is the (altered) hostname), the certificate is deployed on both the server and the client.. I've searched for hours... and nothing :(
Any idea please ?
Thank you
-
Kedare over 13 yearsI've checked this, but its alreary installed, but does the certificate needs to use the used DNS name, or the "real" machine name ? How does the client know what certificate to use ? Because I don't have configured anything to tell the VPN server/client to use this specific certificate
-
Kedare over 13 yearsOky i've found that I had to define the certificate on the VPN properties, thank you
-
ebo over 13 yearsalso make sure the ssl listener in RRAS is configured to point to the ssl certificate you are wanting to user to secure the VPN
-
eRIZ over 8 yearsMake sure to install this certificate on the local computer storage, not for just user session.