sstp certificate problem

queemmar · Post by **queemmar** » Tue Apr 25, 2023 10:12 pm

hi,

I created a new server and wanted to activate sstp on it. so I export the certificate file but when I am trying to import it on my local machine, it asks to type the password for the private key. But I never set a password!

I tried blank and it said it is a wrong password. I also created a certificate with passphrase and again wrong password error.

is there any way to find this private key password? on ubuntu server or anything?

solo · Post by **solo** » Tue Apr 25, 2023 11:19 pm

queemmar wrote: ↑
Tue Apr 25, 2023 10:12 pm
when I am trying to import it on my local machine, it asks to type the password for the private key.

No, import public key, not private.

dsholm · Post by **dsholm** » Wed Apr 26, 2023 12:08 am

To get the cert that you need, simply go https:// to the server with a browser and use the browser to export the certificate you need.

A better way to do it a create a CA root to issues certificates and trust that CA. Use Let's Encrypt as an even better option as its a free public certificate you can issue to your server and your client will automatically trust as those roots are in the OS already.

Let's Encrypt has to renew every 90 days, you can make it even shorter if you like. There are scripts out there to install on the server side pretty easy.

solo · Post by **solo** » Wed Apr 26, 2023 1:20 am

dsholm wrote: ↑
Wed Apr 26, 2023 12:08 am
A better way to do it a create a CA root to issues certificates and trust that CA. Use Let's Encrypt as an even better option
...
There are scripts out there to install on the server side pretty easy.

Why bother with these when SE server exports CER directly for vpnxxx.softether.net?

queemmar · Post by **queemmar** » Wed Apr 26, 2023 7:46 am

solo wrote: ↑
Tue Apr 25, 2023 11:19 pm

queemmar wrote: ↑
Tue Apr 25, 2023 10:12 pm
when I am trying to import it on my local machine, it asks to type the password for the private key.
No, import public key, not private.

you mean PKC p12 file, right? I am importing that when I get the error

solo · Post by **solo** » Wed Apr 26, 2023 8:08 am

X509 RSA

queemmar · Post by **queemmar** » Wed Apr 26, 2023 8:15 am

solo wrote: ↑
Wed Apr 26, 2023 8:08 am
X509 RSA

yes i already tried that and it is imported, but other users cannot connect

solo · Post by **solo** » Wed Apr 26, 2023 8:21 am

default import is useless, must import to "Trusted Root"

queemmar · Post by **queemmar** » Wed Apr 26, 2023 8:31 am

solo wrote: ↑
Wed Apr 26, 2023 8:21 am
default import is useless, must import to "Trusted Root"

well of course its imported on trusted root certification authorities

solo · Post by **solo** » Wed Apr 26, 2023 8:43 am

So it is no longer about "wrong password error" nor certificate problem. Create a new topic with full description and client/server logs when "users cannot connect".

queemmar · Post by **queemmar** » Wed Apr 26, 2023 9:58 am

it is my question though. why does it ask for private key password when i never set one?

sstp certificate problem

sstp certificate problem

Re: sstp certificate problem

Re: sstp certificate problem

Re: sstp certificate problem

Re: sstp certificate problem

Re: sstp certificate problem

Re: sstp certificate problem

Re: sstp certificate problem

Re: sstp certificate problem

Re: sstp certificate problem

Re: sstp certificate problem