Hi everybody,
I am having an issue configuring SSTP to work with “verify-client-certificate” set to “yes”.
When I enable this setting and import:
- server (5.20): host certificate (with key, flags KR) + intermediate certificate (without key) + root certificate (without key)
- client (6.4): host certificate (with key, flags KR) + intermediate certificate (without key) + root certificate (without key)
the server says:
00:19:18 sstp,info : waiting for call…
00:19:19 sstp,info : terminating… - unsupported certificate purpose
00:19:19 sstp,debug : LCP lowerdown
00:19:19 sstp,debug : LCP down event in initial state
00:19:19 sstp,info : disconnected
There is no documentation on what keyUsage should be assigned to SSTP client certificate (at least I haven’t found any). I currently have:
- keyUsage = keyEncipherment, dataEncipherment
- extendedKeyUsage = clientAuth
Can somebody help me out here?
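Added example, not part of the original post and not MikroTik code: a way to test a candidate keyUsage offline before importing the certificate, by signing a throwaway client certificate and running OpenSSL's `sslclient` purpose check on it. It assumes the server's check behaves like that OpenSSL check (the log's "unsupported certificate purpose" is the wording OpenSSL uses for this failure); the function name, the CA and the second keyUsage value are constructed for the test.

```shell
#!/bin/sh
# Added example: test a client-certificate keyUsage against OpenSSL's
# "sslclient" purpose check using a throwaway CA (all names are constructed).

# check_client_purpose "<keyUsage list>"
# returns 0 = accepted, 1 = rejected by the purpose check, 3 = setup failed
check_client_purpose() {
    ku=$1
    dir=$(mktemp -d) || return 3

    # Minimal config so the result does not depend on the system openssl.cnf.
    cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # Client extensions: the post's extendedKeyUsage plus the keyUsage under test.
    printf 'keyUsage = %s\nextendedKeyUsage = clientAuth\n' "$ku" > "$dir/client.ext"

    {
        openssl req -x509 -config "$dir/ca.cnf" -newkey rsa:2048 -nodes -days 1 \
            -keyout "$dir/ca.key" -out "$dir/ca.crt" &&
        openssl req -config "$dir/ca.cnf" -subj "/CN=sstp-client" -newkey rsa:2048 \
            -nodes -keyout "$dir/client.key" -out "$dir/client.csr" &&
        openssl x509 -req -in "$dir/client.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
            -CAcreateserial -days 1 -extfile "$dir/client.ext" -out "$dir/client.crt"
    } >/dev/null 2>&1 || { rm -rf "$dir"; return 3; }

    # Chain and dates are valid by construction, so a failure is the purpose check.
    if openssl verify -purpose sslclient -CAfile "$dir/ca.crt" "$dir/client.crt" \
        >/dev/null 2>&1; then rc=0; else rc=1; fi
    rm -rf "$dir"
    return $rc
}

# Demo: the keyUsage from the post, then a constructed variant with digitalSignature.
for ku in "keyEncipherment, dataEncipherment" "digitalSignature, keyEncipherment"; do
    if check_client_purpose "$ku"; then result=accepted; else result="not accepted"; fi
    echo "keyUsage = $ku -> $result as TLS client certificate"
done
```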