Link to home
Start Free TrialLog in
Avatar of Tim Palmer
Tim PalmerFlag for Australia

asked on

Unable to choose certificate on a Server 2012R2 RRAS device, but "Default" is working

Hi techs,

I have a strange one at a client site I can't seem to figure out.

- I am trying to enable SSTP on a 2012R2 server
- There is already a valid SSL certificate installed on the server, because RDGateway is configured and running on this server
- RRAS is configured using PPTP and functioning
- When I go to the security tab to choose a certificate, I can see the dropdown list which states there are certificates, but I cannot select them (stays as "Default")
- I cannot use the arrow keys
- Clicking "View Certificate" indicates that the certificate I want IS in use
- trying to connect from a client still works, but I worry that when the certificate expires in under a month, that SSTP will break if I cannot change the certificate

Let me know if any of that doesn't make sense.
I do have a screencap of what I am experiencing, but I'm still trying to figure out how to remove the customer sensitive information from it
Avatar of Mahesh
Mahesh
Flag of India image

when certificate expires, RD gateway will also stop working

I believe since you have only single cert, it's not allowing you to dropdown list and its automatically selected, RRAS VPN by default select available certificate in personnel store or it generate self signed certificate if you don't have one

So I don't see any problem

whenever you renew cert, you will have to update it within RD gateway as well and you should see dropdown for RRAS to select renewed cert
Please don't use PPTP. It is hopelessly broken. Bruce Schneier is one of the world's best known crptographers.
https://www.schneier.com/academic/pptp/faq.html?

It has been easily and cheaply cracked for a long time now, since 2012.
http://www.h-online.com/security/features/A-death-blow-for-PPTP-1716768.html
Avatar of Tim Palmer

ASKER

Mahesh - please see the attached screenshot
I have multiple certificates, but whenever I choose one of them, the selection box stays as "Default"

Clicking "View Certificate" shows me the current certificate

I'm close to just removing the role and re-adding it to see if that helps
2018-06-29-16_14_44-Clipboard.png
ASKER CERTIFIED SOLUTION
Avatar of Tim Palmer
Tim Palmer
Flag of Australia image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial