SSTP connection error

[Omid]

Hello,

I am a little puzzled as how to setup SSTP to work properly. I searched the forums and read the manuals but found no clue/answer.

When the client tries to connect, Windows 10 shows the following error message:

"A certificate chain processed, but terminated in a root certificate that is not trusted by the trust provider."

Well, this means the certificate is not valid, and in this case, it is self-signed.

AFAIK, one workaround is to install a valid (real) certificate on the server. But I don't know how to set SoftEther to use that certificate for SSTP connections.

Another workaround is to install the certificate on client's machine (this is preferred as I don't want to spend money for SSL right now), but again I don't know where to see/edit/export the current certificate SoftEther is using for SSTP.

My SoftEther server is installed on Windows 2012 R2 server.

Any help would be much appreciated.

Regards
Omid

[fededim]

You can import/export the server certificate by clicking "Encryption and network" button from main menu. With export you can save the certificate as file and import it into Windows's trusted root CA. The problem is that even doing this I receive the same error (I am also using Windows 10). Try and let me know.

Is there any way to specify the SSTP listening port ?!? I believe that Softether will listen for sstp connections on any of the tcp listeners listed (like it does for OpenVPN), yet the documentation does not state anything about this.

[fededim]

Just un update, I managed to make it work. You need to:
- Import the certificate in Windows as a machine certificate (and not user certificate). In order to be sure that the certificate works just browse to https://<your softether domain>:<listening port> it should return an empty page without warning about the invalid certificate.
- Enable Softether SecureNAT and configure dhcp server.

p.s. It can confirm that softether SSTP listens on all defined tcp port listeners.