Win 2008 R2 SSTP Certificate

Question

I have a Win 2008 R2 server running on AWS EC2 and need the ability to VPN to it. PPTP isn't an option given EC2 firewall restrictions (no GRE routing).

I am planning to setup SSTP and it is my understanding that a self-signed cert is not an option.

So

Will one of Godaddy's "Standard" SSL certs work for SSTP? (Only $13. I am the only person connecting to this via Win7.)
Can I buy a wildcard cert or does it need to be host specific? (*.mydomain.com vs bla.mydomain.com)
Any other considerations?

Do you have a source for your belief that you cannot use a self-signed certificate? I can't find anything to corroborate that, nor have I ever encountered an SSL-based technology that wouldn't allow a self-signed certificate. — Joel E Salas, Feb 10 '12 at 00:13
I haven't used SSTP, but this article seems to indicate a self-signed cert is possible. http://artisticcheese.blogspot.com/2009/04/instructions-how-to-enable-sstp-vpn-s.html Even if it isn't possible, that doesn't mean you have to pay for the cert, you could almost certainly setup a CA using one of many OpenSSL based tools. — Zoredache, Feb 10 '12 at 01:08

score 2 · Accepted Answer · answered Feb 10 '12 at 00:04

2

Yes it can be wildcard.

The server and the client both have to trust the issuing root, so you could use a free CACert and add the root to server and client (as a trusted root in Computer Certificate store), or the Godaddy route is fine too.

answered Feb 10 '12 at 00:04

Bret Fisher

3,963
2
20
25

1

Finally got it all working and it does work with a self signed cert. The key was specifying the correct cert from RRAS via server properties. – andleer Feb 12 '12 at 04:41
Great. I'm assuming you copied the server self-signed cert to the client's trusted roots? – Bret Fisher Feb 14 '12 at 00:47
Bret, yes, copied the server self signed cert back to the client. – andleer Feb 14 '12 at 04:45

Win 2008 R2 SSTP Certificate

1 Answers1