Hi everyone,
we had to renew our CA and certificates used in our SSTP setup. Our old server certificate had the IP as the CN, and the clients could validate the servers IP correctly. After we deployed the new CA and certificates, our clients can no longer validate the IP address which is written in the certificates CN and we get the error "server´s IP address does not match certificate".
The only difference we could spot, is that the old certificate had the other fields such as C=, ST= and O= set, whereas the new one only has the CN field. The RouterOS on the systems is rather old, v5.26 on the server and clients ranging from v5.26 to v6.32.2.
For now we disabled the function on the clients to check the servers IP address using the certificate so everything works for now, but it would be nice to now, if we made a mistake.
I hope someone here has an idea as to why this happens.
kind regards.