I would like to install an SSTP VPN server on a Win2008r2 server that I use for personal purposes (not using Active Directory). I will have 3 or 4 of my computers and other mobile devices connecting at most.

SSTP requires a server certificate. I can generate a server certificate with CACERT, but it is linked to a specific domain. I do own a domain, but it is not hosted at the address where the VPN server will be running. The VPN server has a dynamic DNS address.

If I install a server certificate for my domain, and bind the certificate to the VPN, will it be possible for clients to connect? I don't mind if I have to approve a one-time exception at the clients.

If there are other issues, how can I work around them?

Thanks!

tim11g

1 Answer

It'll work as long as the CN on the certificate matches the IP name the clients connected to - there are lots of ways of doing that, obvious ones include using a dynamic DNS nameserver or updating the hosts file on the client.

symcbean
  • With CACERT, I cannot get a server certificate unless I have registered the domain. I cannot register the domain until it sends a verification email to the domain. I suppose I could temporarily set up an email server on the server at the dynamic address, but that seems like a lot of work. Maybe I should look elsewhere to generate a self-signed server certificate? – tim11g Aug 05 '13 at 16:16
  • Supposing I am able to generate a server certificate for "myserver.dyndns.org". Will Windows let me install it? How would the server know if it is running at myserver.dyndns.org? It is behind a NAT router on a local subnet. – tim11g Aug 05 '13 at 16:19
  • `look elsewhere to generate a self-signed cert` - I've always just done it for myself (hence SELF-signed). Yes MSWindows will let you install it. – symcbean Aug 05 '13 at 20:43
  • Thanks for the pointer on using a self-signed cert. That part I have done. Now making the VPN work is another problem, so I'll start another question. – tim11g Aug 07 '13 at 02:34
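
The name check described in the answer, as an added example that is not part of the original thread or written by either poster: a simplified model of the comparison a TLS client makes between the name it dials and the names in the server certificate. The check runs on the client, so the server behind NAT does not need to know its public name. The certificate contents, `vpn.example.org` and the IP address are constructed sample values; `myserver.dyndns.org` is the name used in the comments.

```python
# Added example: client-side name check, simplified from RFC 6125 rules.
# All certificate contents below are constructed sample data.

def _label_match(pattern: str, host: str) -> bool:
    """Compare one certificate name with the dialled host name."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    # A wildcard is honoured only as the entire left-most label.
    if p_labels[0] == "*" and len(p_labels) > 2:
        return p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def cert_matches(cert: dict, dialled_name: str) -> bool:
    """cert has 'cn' (str) and optional 'san_dns' (list of str).

    If DNS SAN entries exist they are authoritative; the CN is only a
    fallback for certificates without them.
    """
    names = cert.get("san_dns") or [cert["cn"]]
    return any(_label_match(n, dialled_name) for n in names)


# Constructed certificates: one for an owned domain hosted elsewhere,
# one self-signed for the dynamic DNS name from the comments.
DOMAIN_CERT = {"cn": "vpn.example.org"}
DYNDNS_CERT = {"cn": "myserver.dyndns.org", "san_dns": ["myserver.dyndns.org"]}


def scenarios() -> dict:
    return {
        # Client dials the dynamic name, cert names the other domain.
        "domain cert, dial dyndns": cert_matches(DOMAIN_CERT, "myserver.dyndns.org"),
        # Cert issued for the dynamic name the client actually dials.
        "dyndns cert, dial dyndns": cert_matches(DYNDNS_CERT, "myserver.dyndns.org"),
        # Hosts-file workaround: the client dials the cert's name, which
        # the hosts file maps to the server; the name still matches.
        "domain cert, dial cert name": cert_matches(DOMAIN_CERT, "VPN.example.org"),
        # Dialling the raw IP never matches a DNS name in the cert.
        "dyndns cert, dial IP": cert_matches(DYNDNS_CERT, "203.0.113.10"),
    }


if __name__ == "__main__":
    for case, ok in scenarios().items():
        print(f"{case}: {'match' if ok else 'MISMATCH'}")
```

A self-signed certificate that passes this name check must still be added to each client's trusted root store before the chain is accepted.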