Windows – Cannot connect to SSTP VPN Error 20227

pptp, ssl, sstp, vpn, windows

I have a working PPTP VPN on Windows Server 2008 and I can connect to this PPTP VPN on a Windows 10 notebook with an AD-User.

But when I try to switch to SSTP on my Windows Server by importing the certificate and setting the "SSL Certificate Binding", it cannot establish a connection anymore.

When I attempt to connect to my SSTP VPN, the error message "The certificate's CN name does not match the passed value" appears.

And when I go to the Event Viewer, I see an error with the event ID 20227.

Could anyone help me and tell me how to fix this issue?

I appreciate all kinds of help.

Best Answer

The certificate's CN is the certificate's Common Name, and it should always match the correct hostname to which your IP is resolving.

Suppose you are connecting to the IP x.x.x.x, which resolves to "mysstpvpn.mydomain.com".

The certificate you bind on the SSTP server should be a certificate containing that CN, which in this example is "mysstpvpn.mydomain.com".

Once you verify those two are matching, you should at least be able to resolve this issue.

By the way, in case you are using an internal Certificate Authority, make sure to add the DWORD "NoCertRevocationCheck", setting its value to "1", under the "HKLM > SYSTEM > Current > CurrentControlSet > services > SstpSvc > Parameters" registry path on each client you will use to connect to the SSTP VPN server.

Finally, again in case you are using an internal CA, always make sure that the ROOT certificate of your CA is installed in the "Trusted Root Certification Authorities" store of each client's local Certificate Store, so the clients will trust the certificate bound on your RRAS server.
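
The name comparison described in the answer can be checked before touching the server binding. The following is an added example, not part of the original answer and not Windows' own matching code: `check_destination`, `subject_cn` and the sample values are hypothetical, and the wildcard rule is an assumption.

```python
import ipaddress
import re


def subject_cn(subject):
    """Return the CN from a subject string such as 'CN=host, O=Org', or None."""
    m = re.search(r"(?:^|,)\s*CN\s*=\s*([^,]+)", subject, re.IGNORECASE)
    return m.group(1).strip() if m else None


def _norm(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.strip().rstrip(".").lower()


def check_destination(destination, subject):
    """Compare the VPN destination the client passes with the certificate CN.

    Returns (ok, reason). Simplified model (assumption), not Windows' own logic.
    """
    cn = subject_cn(subject)
    if cn is None:
        return False, "certificate subject has no CN"
    dest, cn = _norm(destination), _norm(cn)
    if dest == cn:
        return True, "destination equals the certificate CN"
    try:
        ipaddress.ip_address(dest)
        return False, "destination is an IP address; connect by the name in the CN"
    except ValueError:
        pass
    # Assumption: a wildcard CN covers exactly one left-most label.
    parts = dest.split(".", 1)
    if cn.startswith("*.") and len(parts) == 2 and parts[0] and parts[1] == cn[2:]:
        return True, "destination is covered by the wildcard CN"
    return False, "destination %r does not match CN %r" % (dest, cn)


if __name__ == "__main__":
    # Constructed sample values; the host name is the one used in the answer.
    subject = "CN=mysstpvpn.mydomain.com, O=Example"
    for dest in ("mysstpvpn.mydomain.com", "203.0.113.10", "vpn.mydomain.com"):
        print(dest, "->", check_destination(dest, subject))
```

Pass it the destination exactly as typed in the client's VPN connection and the subject string shown on the certificate bound in RRAS.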