Page 1 of 1
sstp certificate problem
Posted: Tue Apr 25, 2023 10:12 pm
by queemmar
hi,
I created a new server and wanted to activate sstp on it. so I export the certificate file but when I am trying to import it on my local machine, it asks to type the password for the private key. But I never set a password!
I tried blank and it said it is a wrong password. I also created a certificate with passphrase and again wrong password error.
is there any way to find this private key password? on ubuntu server or anything?
Re: sstp certificate problem
Posted: Tue Apr 25, 2023 11:19 pm
by solo
queemmar wrote: ↑Tue Apr 25, 2023 10:12 pm
when I am trying to import it on my local machine, it asks to type the password for the private key.
No, import public key, not private.
Re: sstp certificate problem
Posted: Wed Apr 26, 2023 12:08 am
by dsholm
To get the cert that you need, simply go https:// to the server with a browser and use the browser to export the certificate you need.
A better way to do it a create a CA root to issues certificates and trust that CA. Use Let's Encrypt as an even better option as its a free public certificate you can issue to your server and your client will automatically trust as those roots are in the OS already.
Let's Encrypt has to renew every 90 days, you can make it even shorter if you like. There are scripts out there to install on the server side pretty easy.
Re: sstp certificate problem
Posted: Wed Apr 26, 2023 1:20 am
by solo
dsholm wrote: ↑Wed Apr 26, 2023 12:08 am
A better way to do it a create a CA root to issues certificates and trust that CA. Use Let's Encrypt as an even better option
...
There are scripts out there to install on the server side pretty easy.
Why bother with these when SE server exports CER directly for vpnxxx.softether.net?
Re: sstp certificate problem
Posted: Wed Apr 26, 2023 7:46 am
by queemmar
solo wrote: ↑Tue Apr 25, 2023 11:19 pm
queemmar wrote: ↑Tue Apr 25, 2023 10:12 pm
when I am trying to import it on my local machine, it asks to type the password for the private key.
No, import public key, not private.
you mean PKC p12 file, right? I am importing that when I get the error
Re: sstp certificate problem
Posted: Wed Apr 26, 2023 8:08 am
by solo
X509 RSA
Re: sstp certificate problem
Posted: Wed Apr 26, 2023 8:15 am
by queemmar
solo wrote: ↑Wed Apr 26, 2023 8:08 am
X509 RSA
yes i already tried that and it is imported, but other users cannot connect
Re: sstp certificate problem
Posted: Wed Apr 26, 2023 8:21 am
by solo
default import is useless, must import to "Trusted Root"
Re: sstp certificate problem
Posted: Wed Apr 26, 2023 8:31 am
by queemmar
solo wrote: ↑Wed Apr 26, 2023 8:21 am
default import is useless, must import to "Trusted Root"
well of course its imported on trusted root certification authorities
Re: sstp certificate problem
Posted: Wed Apr 26, 2023 8:43 am
by solo
So it is no longer about "wrong password error" nor certificate problem. Create a new topic with full description and client/server logs when "users cannot connect".
Re: sstp certificate problem
Posted: Wed Apr 26, 2023 9:58 am
by queemmar
it is my question though. why does it ask for private key password when i never set one?