
I'm developing a custom VPN solution that needs to support SSTP for Windows clients. For this, the SSTP specifications (and Windows) require my server to authenticate itself using a certificate during the SSL handshake. Windows will then use its local set of trusted certificates and decide whether to continue or drop the connection.

I would like to avoid using an official certificate from Verisign for two reasons: First, it costs money that the project currently doesn't have, and second (more importantly), as described here, Windows will need an internet connection to be able to check whether this certificate has been revoked before it will accept the connection, unless I have my users dig around in their registry to turn this off, which I'd rather avoid. The problem is that the VPN will be the only way for the client computer to get online, so this will pose a chicken-and-egg problem: You need internet to get internet...

I've posted a question on the Information Security SE to ask about the security implications of requiring users to install certificates, and it sounds like I need to be very careful with the exact type of certificate I create, since, unfortunately, Windows requires this certificate to be installed into the Trusted Root Certification Authorities on Local Machine, i.e. the riskiest place of all.

From the answer I got on ISSE, it seems I need to generate an end-user certificate that does not allow signing usage.

How would I go about creating such a certificate that can only be used to authenticate my one server, but cannot be misused to sign other certificates for TLS man-in-the-middle attacks, etc., even if it is installed in the Trusted Root Certification Authorities?

As a bonus, is there a way for my users to verify during the installation process that this certificate is indeed safe and does not open the system up for attack, should someone get a hold of the certificate's private key?

Markus A.
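One way to build and check the kind of certificate the question describes, as an added example that is not part of the original post: it assumes the OpenSSL command line (the question names no tool), issues a self-signed certificate marked `CA:FALSE` with no certificate-signing key usage, and provides a check that a recipient could run on the file before installing it. The host name `vpn.example.test` and the function names are constructed, and the check only reports what the certificate declares, not how a given Windows version treats those extensions.

```shell
#!/bin/sh
# Added example. Constructed names: vpn.example.test, make_cert, cert_is_leaf_only.

# make_cert DIR NAME PROFILE -> writes DIR/PROFILE.key and DIR/PROFILE.crt (self-signed).
# PROFILE "leaf" is the restricted server certificate; "ca" exists only as a contrast.
make_cert() {
  cat > "$1/cert.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = $2
[leaf]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$2
[ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -config "$1/cert.cnf" -extensions "$3" \
    -keyout "$1/$3.key" -out "$1/$3.crt" 2>/dev/null
}

# cert_is_leaf_only PEM -> status 0 only if the certificate declares itself a
# non-CA and carries a key usage extension without signing rights.
cert_is_leaf_only() {
  cert_text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || return 2
  # A missing basicConstraints extension is treated as a failure, not as "not a CA".
  printf '%s\n' "$cert_text" | grep -q 'CA:FALSE' || return 1
  # "X509v3 Key Usage:" does not match the separate "Extended Key Usage" line.
  printf '%s\n' "$cert_text" | grep -q 'X509v3 Key Usage:' || return 1
  ! printf '%s\n' "$cert_text" | grep -Eq 'Certificate Sign|CRL Sign'
}

demo_dir=$(mktemp -d)
make_cert "$demo_dir" vpn.example.test leaf
if cert_is_leaf_only "$demo_dir/leaf.crt"; then
  echo "leaf.crt: end-entity only, no certificate-signing usage"
fi
rm -rf "$demo_dir"
```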

0 Answers