SSTP-Server with LetsEncrypt certificate

Hello,

At the moment I am using an SSTP VPN server with a self-signed certificate whose CA certificate is deployed on Windows clients into Trusted Root Certificates.
This scenario works very well.

To avoid deploying the self-signed CA on Windows clients, I am planning to use a Let's Encrypt certificate instead of the one mentioned above.
So I got this certificate, uploaded privkey.pem and cert.pem to the MT router and imported them into Certificates:

certificate print detail where name ~"cert"
Flags: K - private-key, L - crl, C - smart-card-key, A - authority, I - issued, R - revoked, E - expired, T - trusted
0 K T name="cert.pem_0" issuer=C=US,O=Let's Encrypt,CN=R3 digest-algorithm=sha256 key-type=ec common-name="sstp.mysite.com" key-size=secp384r1
subject-alt-name=DNS:sstp.mysite.com days-valid=89 trusted=yes key-usage=digital-signature,tls-server,tls-client
serial-number="046BD39509BC93999A0E72DC3A9BBE823CFE" fingerprint="3717d9fd011bf543af19bfe4fe245a3446ba2955599243334e2d52e434dce0e3"
akid=142eb317b75856cbae500940e61faf9d8b14c2c6 skid=b67c252b5b1bfd1dffb14ec198574ef012906e76 invalid-before=sep/29/2021 15:55:56
invalid-after=dec/28/2021 15:55:55 expires-after=12w1d5h29m32s

N.B. I replaced my real FQDN here with sstp.mysite.com.

In the SSTP server configuration I selected this certificate:
/interface sstp-server server print
enabled: yes
port: 443
max-mtu: 1500
max-mru: 1500
mrru: disabled
keepalive-timeout: 60
default-profile: l2tp-ipsec
authentication: pap,chap,mschap1,mschap2
certificate: cert.pem_0
verify-client-certificate: no
force-aes: no
pfs: no
tls-version: any

I get the following error when a Windows client tries to connect to my SSTP server:
"The client and server cannot communicate,
because they do not possess a common
algorithm"

The secp384r1 algorithm was used during certificate generation. Should I switch this to RSA?

Any ideas?

Thank you,
Dmitri

Yes,

the certificate should be RSA, at least for the Windows SSTP client.

Problem solved.
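A small check that catches this before the certificate is imported into RouterOS, added here as an example and not part of the thread: it reads a PEM certificate with openssl and reports whether the public key is RSA or EC (with the curve, e.g. secp384r1), so an EC Let's Encrypt certificate can be spotted before it is handed to the SSTP server. It assumes openssl is on PATH; the certificate path is a hypothetical argument.

```shell
#!/bin/sh
# Report the public-key algorithm of a PEM certificate (added example, not
# from the thread). Assumes the openssl CLI is installed.

cert_key_type() {
  # Prints "rsa:<bits>", "ec:<curve>" or "unknown:<algorithm>" for "$1".
  text=$(openssl x509 -in "$1" -noout -text) || return 1
  case "$text" in
    *"Public Key Algorithm: rsaEncryption"*)
      bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n1)
      echo "rsa:$bits" ;;
    *"Public Key Algorithm: id-ecPublicKey"*)
      # openssl prints the named curve as "ASN1 OID: secp384r1"
      curve=$(printf '%s\n' "$text" | sed -n 's/.*ASN1 OID: *\(.*\)/\1/p' | head -n1)
      echo "ec:$curve" ;;
    *)
      alg=$(printf '%s\n' "$text" | sed -n 's/.*Public Key Algorithm: *\(.*\)/\1/p' | head -n1)
      echo "unknown:$alg" ;;
  esac
}

sstp_compatible() {
  # Returns 0 when the key is RSA (what the Windows SSTP client accepted in
  # this thread), 1 for EC or anything else.
  case "$(cert_key_type "$1")" in
    rsa:*) return 0 ;;
    *)     return 1 ;;
  esac
}

# Usage: sstp_compatible cert.pem && echo "RSA: ok for Windows SSTP"
```

When requesting a fresh certificate for this purpose, certbot's `--key-type rsa` option asks for an RSA key instead of the ECDSA default.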

Remember: all certificates are registered in a public registry; simply by searching the other certificate fields the FQDN can be found…