SSTP Certificate selection
If you've followed my articles at www.windowsecurity.com, you might have noticed that I did one on SSTP VPN servers.
If you haven't heard about SSTP, it's a new VPN protocol that was introduced with Windows Server 2008. SSTP (Secure Socket Tunneling Protocol) is essentially PPP over SSL. What this means is that your VPN client can now be behind a firewall or NAT device (or even a Web proxy) and the SSTP connections will be able to make it through so that your remote users can establish a VPN connection to your network.
The Windows Server 2008 SSTP solution is great. But there's just one problem. If you don't handle certificate installation in the right order, you'll end up in a world of hurt, because it's not obvious which certificate RRAS selects for the SSTP connections. And if you end up with the wrong certificate, you'll have to spend a bit of time untangling things to get them working the way you want.
The RRAS team heard our concerns, and with Windows Server 2008 R2 they've fixed this problem. With Windows Server 2008 R2, there's a nice dialog box that enables you to select the certificate you want to use for the SSTP connections. Nice!
Check out Dhiraj Gupta's great article on this feature over at:
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer