docmarius
Forum Guru
Topic Author
Posts: 1222
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania

Feature request: Per interface certificates for SSTP

Wed Nov 12, 2014 8:51 am

At the moment, the SSTP server allows selection of a specific certificate to be used for all connections.

This makes running the SSTP server with certificate validation virtually impossible, since the clients expect the CN to match the server connection's FQDN or IP to be accepted.

It would be nice to either have the possibility to run multiple server instances on different interfaces, each with its proper certificate, or to allow certificate selection for different interfaces on a single server configuration (a table with interfaces and certificates, including an "all" selection).

At the moment, using multiple interfaces implies using a user/password pair and disabling certificate validation, which renders the whole SSTP setup problematic at best, offering no better security than an MPPE-encrypted, password-authenticated PTP connection.

Have fun with your MTs...
 
nosovk
Frequent Visitor
Posts: 63
Joined: Wed Jan 25, 2012 11:25 am
Location: Ukraine

Re: Feature request: Per interface certificates for SSTP

Mon Nov 17, 2014 1:34 pm

You can use http://StartSSL.com and create one certificate that covers a list of domains.
For example, I created *.cloudzz.com and in.mikrotik.kharkov.ua.
Now I have a virtual MikroTik on a dedicated server that serves SSTP for both https://cloudzz.com and http://mikrotik.kharkov.ua without any problem with domain authority on different IPs (I use ROS to create a DMZ and firewall for VMs on the server).

StartSSL with 2 level authority offers you the ability to issue any number of certificates without any additional payments after first validation.
 
docmarius

Re: Feature request: Per interface certificates for SSTP

Mon Nov 17, 2014 3:50 pm

Thank you.
I will take a look. Although I use self-signed certificates...
 
bommi
newbie
Posts: 26
Joined: Fri Jan 24, 2014 9:13 am
Location: Germany

Re: Feature request: Per interface certificates for SSTP

Tue Nov 18, 2014 3:54 pm

When using self-signed certificates, have a look at this:

http://wiki.cacert.org/FAQ/subjectAltName
 
docmarius

Re: Feature request: Per interface certificates for SSTP

Wed Nov 19, 2014 8:42 am

Thank you bommi, I missed that one :-)
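
The approach the replies point to, a single self-signed certificate whose subjectAltName lists every name and address clients connect to, sketched with OpenSSL as an added example (not code from the thread). The host names and IP addresses are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. All names and addresses are constructed.
# One entry per FQDN or IP that an SSTP client may dial.
SAN_NAMES="DNS:vpn-wan1.example.net,DNS:vpn-wan2.example.net,IP:192.0.2.10,IP:198.51.100.10"

# make_sstp_cert DIR: write a self-signed DIR/sstp.crt and DIR/sstp.key
# carrying every entry of SAN_NAMES in the subjectAltName extension.
make_sstp_cert() {
    dir=$1
    cat > "$dir/san.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = vpn-wan1.example.net
[v3]
subjectAltName = $SAN_NAMES
extendedKeyUsage = serverAuth
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -config "$dir/san.cnf" \
        -keyout "$dir/sstp.key" -out "$dir/sstp.crt" 2>/dev/null
}

# cert_matches_host CRT NAME: succeed if OpenSSL's hostname check accepts NAME.
# "does NOT match" is printed on failure, so the pattern only hits on success.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# cert_matches_ip CRT ADDR: the same check for a client that dials an IP address.
cert_matches_ip() {
    openssl x509 -in "$1" -noout -checkip "$2" | grep -q 'does match'
}

# Usage:
#   d=$(mktemp -d) && make_sstp_cert "$d"
#   cert_matches_host "$d/sstp.crt" vpn-wan2.example.net && echo accepted
```

Checking each interface's name or address this way before loading the certificate on the router shows which connections a validating client would reject.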
