Wildcard certificates with SSTP

I attempted to set up SSTP using a certificate from GoDaddy. The certificate was a wildcard cert that we use for web sites and other purposes. I thought it would be nice to use the same cert on our MikroTik firewalls for VPN.

Installed the certs and private keys, getting the RK status next to the cert.

SSTP VPN ends up giving the “A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider” error on the Windows 7 client.

The URL used to connect is from the domain matching the CN of the wildcard cert (e.g. cert CN - *.mydomain.com, VPN URL - vpn.mydomain.com).

Before I spend a few hours trying to debug this, I thought I’d ask whether anyone knows if this will work or not.

Separately, does anyone know if this will create issues with OpenVPN certificate usage? I haven’t even tried it but thought I’d ask.
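Two offline checks for the situation in this post, added here as an example (not code from the thread or from MikroTik): whether a wildcard name such as *.mydomain.com covers vpn.mydomain.com under the usual left-most-label matching rule, and whether an SSTP server is handing out only its leaf certificate (the common cause of a chain that "terminates in a root which is not trusted"). The `openssl s_client -showcerts` output is a constructed sample with placeholder names, not real output.

```python
import re

def wildcard_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125 style matching: '*' is only valid as the whole left-most
    label and covers exactly one label, so *.mydomain.com matches
    vpn.mydomain.com but not mydomain.com or a.vpn.mydomain.com."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or "*" in pattern[2:]:
        return False          # partial or non-leading wildcard: reject
    if len(p_labels) != len(h_labels):
        return False          # wildcard covers one label, never zero or two
    return p_labels[1:] == h_labels[1:]

def cert_covers_host(dns_names: list, hostname: str) -> bool:
    """dns_names: the certificate's dNSName SAN entries (modern clients
    ignore the CN once a SAN extension is present)."""
    return any(wildcard_matches(n, hostname) for n in dns_names)

def certs_in_s_client_output(output: str) -> int:
    """Count PEM certificates the server sent (openssl s_client -showcerts)."""
    return len(re.findall(r"-----BEGIN CERTIFICATE-----", output))

def intermediate_missing(output: str) -> bool:
    # A server that sends only its leaf forces the client to locate the
    # intermediate itself; if it cannot, chain building stops at an
    # issuer the client does not trust, which is exactly the Windows error.
    return certs_in_s_client_output(output) < 2

# Constructed sample (placeholder names, placeholder PEM body) of a server
# that presents the leaf certificate alone.
SAMPLE_LEAF_ONLY = """Certificate chain
 0 s:CN = *.mydomain.com
   i:CN = Example Intermediate CA (constructed)
-----BEGIN CERTIFICATE-----
MIIB...constructed placeholder, not a real certificate...
-----END CERTIFICATE-----
Verify return code: 21 (unable to verify the first certificate)
"""

if __name__ == "__main__":
    print("wildcard covers vpn host:", cert_covers_host(["*.mydomain.com"], "vpn.mydomain.com"))
    print("intermediate missing:", intermediate_missing(SAMPLE_LEAF_ONLY))
```

Run the real check with `openssl s_client -connect vpn.mydomain.com:443 -servername vpn.mydomain.com -showcerts` and feed its output to `intermediate_missing`; if it reports true, the fix is to install the intermediate on the firewall alongside the wildcard cert, not to touch the client's root store.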

Typically this error means that the CA is not in the Windows trusted root list.
You will need to manually add the CA to the Windows trusted root store.

I verified that the CA is in the trusted root CAs for the Windows machine. The certificate is used on web sites and is accepted there without any warning. I’ve opened the certificate on the Windows machine and can see that the full chain is trusted. So I don’t think this is a CA issue.

EDIT: I’ve decided to stick with L2TP/IPsec. I’ve got it working reliably except for when we have VRRP configurations. It seems to be easier than SSTP and more readily accepted by our Windows users.