How to replace the hostname with my own domain

[zhfreal]

Hi, All. I have my own static ip and domain. So, I prefer to my own domain rather than the DDNS provided. Unfortunately, I can diable the DDNS function by editting the config file，but I didn't find anything about change hostname. And I found that it did not work out that just disable the DDNS. The hostname is very important setting for SSTP and OpenVPN server. So, is anyone can help me?

[kh_tsang]

If you have a static IP, you can point to it using A record. No need to do anything on SoftEther VPN Server hostname configuration.

However, you may need to sign an SSL certificate for your server.

[zhfreal]

@kh_tsang, thanks for you reply. I tried to create a new cerificate in softether-server-manager for my domain, and imported the certificate into my client, created a new SSTP-VPS connection with my domain. But I recieveed a CERT-error message every time I tried to connect the SSTP-VPS in client (the hostname is not equal to the name in cert during SSL connection). And if I changed everything back to xxx.softether.net in server and client. It would work sucessfully. So I guess that there is some limit to hostname inner softether server. The server would limit the hostname to xxxx.softether.net with default settings.

[kh_tsang]

Please make sure your DNS name is included in the certificate.

Also, you need to put the root certificate in the chain_certs folder and add the root certificate to the local machine trusted root certificates.

[zhfreal]

kh_tsang wrote:
> Please make sure your DNS name is included in the certificate.
>
> Also, you need to put the root certificate in the chain_certs folder and
> add the root certificate to the local machine trusted root certificates.

Unfortunately, it don't work. I put the SubjectAltName into CERT, but it don't work either. I guess it not the problem without v3 extention in CERTS. Because it will work out with CERT genarated from server-manager (using xxxx.softether.net as commonName) which has no SubjectAltName item at all.

[kh_tsang]

If you are generating a root certificate, the common name must be the same as the hostname.
For example, vpnserver.example.com is pointing at your static IP using an A record, the common name must be vpnserver.example.com so that you can connect using vpnserver.example.com.

If it is set properly, you should be able to connect to https://vpnserver.example.com:[port]/ without a certificate warning.

I tested and it is working on Windows 10(using SSTP).

[zhfreal]

kh_tsang wrote:
> If you are generating a root certificate, the common name must be the same
> as the hostname.
> For example, vpnserver.example.com is pointing at your static IP using an A
> record, the common name must be vpnserver.example.com so that you can
> connect using vpnserver.example.com.
>
> If it is set properly, you should be able to connect to
> https://vpnserver.example.com:[port]/ without a certificate warning.
>
> I tested and it is working on Windows 10(using SSTP).

Well, I think I find the reason. It didn't work out when I imported the cert-file from "certmgr.msc", while it would work out when I imported it by double-click it. Then I checked the the whole import process. Finally, I found that the certificate stored in wrong location while os imported the cert-file from "certmgr.msc". When the OS　import the cert-file from "certmgr.msc", it will store the certifate for current user by default, and has no an option for local PC(the options are frozen), while we import cert-file by double-click, we can choose store it for local PC. So, I failed the SSTP VPN connection, when I imported the file from "certmgr.msc".

It's very odd that MMC console/certmgr.msc has limit of authority.

Thanks for all your patient and effort!