BerkutST
just joined
Topic Author
Posts: 3
Joined: Mon Mar 19, 2012 5:27 pm

SSTP certificate problem

Tue Mar 20, 2012 9:48 am

Hello,

I have a certificate issue with the SSTP server. I want to connect to the SSTP server with the Windows 7 built-in client. I have a certificate installed on the router; the certificate status is KR. The problem is, if I want to connect to the server, Windows fails to connect with error 0x800B0109 (A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider). However, I have already imported the root CA to the "Trusted Root Certification Authorities". This problem only occurs when I use a self-signed certificate. When I use e.g. a VeriSign certificate, all works fine. I use RB450G and MikroTik 5.14. If I use a self-signed certificate to connect to the router via HTTPS, then no errors with the certificate occur. I think the problem is on the Windows side, and I want to know whether it is possible to use self-signed certificates. To make self-signed certificates I use this manual http://wiki.mikrotik.com/wiki/Manual:Cr ... rtificates.
 
mrz
MikroTik Support
Posts: 7054
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: SSTP certificate problem

Tue Mar 20, 2012 11:21 am

Self-signed certificates will work if you import the CA into the Windows trusted root properly.
 
BerkutST
just joined
Topic Author
Posts: 3
Joined: Mon Mar 19, 2012 5:27 pm

Re: SSTP certificate problem

Tue Mar 20, 2012 11:48 am

I use this method http://www.cs.virginia.edu/~gsw2c/GridT ... icates.htm
I think this is the proper method. This works fine when I use HTTPS or SMTPS.
 
ucs75
newbie
Posts: 32
Joined: Fri Sep 20, 2013 10:06 pm

Re: SSTP certificate problem

Thu Feb 12, 2015 3:11 am

I'd just like my COMMERCIAL certificate to work.

I ([+] Create)-ed a certificate from Winbox, and selected "crl sign", and "key cert. sign" as the only Key Usages.
Filled in the various fields, including Days Valid: 1825 and Key Size 2048

I then [Create Cert. Request], using this as the template, and entering a Key Passphrase.

I downloaded the certificate-request.pem, and uploaded as my CSR request.

Once I received the bundle back from Comodo, I added all four files (root, two intermediates, and server-cert) to the files.

I imported each into the Certificates window, and then imported the certificate-request_key.pem created above. (Including the passphrase I set).

The server cert shows KLT, the intermediates show LAT, and the root shows AT.

But when I attempt to connect to the device using the proper DNS name, I am getting the same error as the other user(s):
A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
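
A client-side check for the 0x800B0109 error quoted in this thread, as an added example that is not part of any post: it reports which Windows Trusted Root store holds the CA and builds the server certificate's chain in both machine and user context. The two file paths are placeholders, and it assumes the SSTP client validates against the Local Computer store, so a CA imported only for the current user can satisfy a browser but not the VPN client.

```powershell
# Added example, not from the thread. Both paths are placeholders (assumptions).
param(
    [string]$CaPath     = 'C:\certs\my-ca.crt',        # the CA certificate that was imported
    [string]$ServerPath = 'C:\certs\sstp-server.crt'   # the certificate installed on the router
)
$x509   = 'System.Security.Cryptography.X509Certificates'
$ca     = New-Object "$x509.X509Certificate2" $CaPath
$server = New-Object "$x509.X509Certificate2" $ServerPath

# 1. Which Trusted Root store actually holds the CA?
foreach ($location in 'LocalMachine', 'CurrentUser') {
    $hit = Get-ChildItem "Cert:\$location\Root" |
        Where-Object { $_.Thumbprint -eq $ca.Thumbprint }
    '{0}\Root contains the CA: {1}' -f $location, [bool]$hit
}

# 2. Build the server certificate's chain in each context.
foreach ($useMachine in $true, $false) {
    $chain = New-Object "$x509.X509Chain" -ArgumentList $useMachine
    # Revocation is skipped so that only trust problems are reported here.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $ok = $chain.Build($server)
    $context = if ($useMachine) { 'machine' } else { 'user' }
    'Chain valid in {0} context: {1}' -f $context, $ok
    # Per-certificate status, e.g. UntrustedRoot or PartialChain.
    foreach ($element in $chain.ChainElements) {
        '  {0}' -f $element.Certificate.Subject
        foreach ($status in $element.ChainElementStatus) {
            '    {0}: {1}' -f $status.Status, $status.StatusInformation.Trim()
        }
    }
}
```

A result of "valid in user context" but not in machine context points at the store the CA was imported into rather than at the certificate itself.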
