Problems with self-signed SSL certificate for SSTP in Windows Server Foundation 2008

I am trying to configure SSTP in Windows Server Foundation 2008. I want to use a self-signed SSL certificate to do authentication. When the server is running, I get the following error when trying to connect:

0x800B0109: A certificate chain processed, but terminated in a root certificate that is not trusted by the trust provider.

I created the self-signed certificate in the IIS "Server Certificates" panel. From that panel, I exported the certificate, with the private key, to a .pfx file. I installed this certificate on the client computer which I tried to connect from. The certificate bound to the SSL listener in the RRAS->Security panel is present in the Trusted Root Certificate Authority stores on both machines.

I've been getting super annoyed setting up certificates. Any advice here?


Solution 1:

Here's the way I always recommend installing self-signed certificates for things like this:

On the client machine: Go to Start > Run... (if windows 7, Win + R) > type 'mmc' and hit Enter. When the MMC comes up, File > Add/Remove Snap In... and choose the 'Certificates' snap-in. It'll ask you for user, computer, etc... choose local Computer. When the snap-in loads, choose the Trusted Root folder, right click inside the list of certs, and choose Tasks > Import... and SPECIFY that the certificate be imported to the Trusted Root folder. Do not let it decide where to put it. Works fine for me.

If it still doesn't work, you may need to download and import the entire certificate chain from your internal CA.