If you have access to a Linux computer, try running the following command to see what the server certificate details are:
    openssl s_client -servername FQDN -connect FQDN:443 </dev/null 2>/dev/null | openssl x509 -text

Where FQDN is the DNS name you want to use for the SSTP server (change the port from 443 if you changed it on the server).
If you have a Windows computer, use this PowerShell script I found on Sunny Chakraborty's GitHub to get the information. Save the script file with the name Get-RemoteSSLCertificate.ps1:

    [CmdletBinding()]
    param (
        [Parameter(Mandatory=$true)]
        [string]
        $ComputerName,

        [int]
        $Port = 443
    )

    $Certificate = $null
    $TcpClient = New-Object -TypeName System.Net.Sockets.TcpClient
    try {
        $TcpClient.Connect($ComputerName, $Port)
        $TcpStream = $TcpClient.GetStream()

        # Accept any certificate: the goal is to inspect it, not to validate it
        $Callback = { param($sender, $cert, $chain, $errors) return $true }

        $SslStream = New-Object -TypeName System.Net.Security.SslStream -ArgumentList @($TcpStream, $true, $Callback)
        try {
            # Pass the host name so it is sent as SNI, like -servername in the openssl command
            $SslStream.AuthenticateAsClient($ComputerName)
            $Certificate = $SslStream.RemoteCertificate
        } finally {
            $SslStream.Dispose()
        }
    } finally {
        $TcpClient.Dispose()
    }

    if ($Certificate) {
        # RemoteCertificate can be a plain X509Certificate; convert it to X509Certificate2
        if ($Certificate -isnot [System.Security.Cryptography.X509Certificates.X509Certificate2]) {
            $Certificate = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $Certificate
        }

        Write-Host -Verbose $Certificate
    }

Run the command from PowerShell:

    \path\to\Get-RemoteSSLCertificate.ps1 FQDN

or

    \path\to\Get-RemoteSSLCertificate.ps1 FQDN P#

Where P# is the port number if you changed it from 443.
Both of these commands will show you the primary CN listed in the certificate even if it doesn't match the FQDN you specified. Then try using the reported CN when setting up the SSTP client.
I hope this helps.
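
Added example, not part of the original answer: a shell helper that reads the `openssl x509 -text` output from the command above, lists the subject CN plus any DNS names in the subjectAltName extension, and reports whether a given FQDN is covered (exact name or single-label wildcard). The function names and the sample certificate text are constructed for illustration.

```shell
# Constructed sample of `openssl x509 -text` output (not from a real server).
SAMPLE_CERT_TEXT='Certificate:
    Data:
        Issuer: CN = Example Test CA
        Subject: O = Example, CN = sstp.example.net
        Subject Public Key Info:
        X509v3 extensions:
            X509v3 Subject Alternative Name: 
                DNS:sstp.example.net, DNS:*.vpn.example.net, IP Address:192.0.2.10'

# cert_names: certificate text on stdin -> subject CN, then each DNS SAN, one per line.
cert_names() {
    awk '
        /^ *Subject:/ && match($0, /CN ?= ?[^,]+/) {
            cn = substr($0, RSTART, RLENGTH)
            sub(/^CN ?= ?/, "", cn); sub(/[ \t]+$/, "", cn)
            print cn
        }
        /X509v3 Subject Alternative Name/ { san = 1; next }
        san {   # the line after the SAN header holds the comma-separated entries
            n = split($0, parts, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", parts[i])
                if (parts[i] ~ /^DNS:/) print substr(parts[i], 5)
            }
            san = 0
        }'
}

# name_covers PATTERN HOST: exact match, or "*.domain" covering exactly one label.
name_covers() (
    pat=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$pat" in
        \*.*) first=${host%%.*}; [ -n "$first" ] && [ "$host" = "$first${pat#\*}" ] ;;
        *)    [ "$pat" = "$host" ] ;;
    esac
)

# check_fqdn FQDN: certificate text on stdin; returns 0 if a certificate name covers FQDN.
check_fqdn() (
    names=$(cert_names)
    while IFS= read -r n; do
        if name_covers "$n" "$1"; then echo "match: $n"; return 0; fi
    done <<EOF
$names
EOF
    echo "no match for $1; names in certificate:"; printf '  %s\n' "$names"
    return 1
)

# Live use: openssl s_client -servername FQDN -connect FQDN:443 </dev/null 2>/dev/null | openssl x509 -text | check_fqdn FQDN
printf '%s\n' "$SAMPLE_CERT_TEXT" | check_fqdn gw1.vpn.example.net
```

When there is no match, the printed list shows the names the certificate does carry, which are the candidates to try as the server name in the SSTP client.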