Changing server certificate in VPN

  #1  
Old 21-11-2010
Member
 
Join Date: Sep 2010
Posts: 15
Changing server certificate in VPN
  

Last time, you recommended using a URL dedicated to the SSTP service for the sake of clarity and understanding. Also, a VPN address "sstp.yourdomain.com" is not the worst kind. Be careful to give your DNS server an alias for your VPN server, which is not necessarily the FQDN. Now I want to know about changing the server certificate. Since you guys told me about the previous installation, which helped me a lot, I thought I would post my query here instead of searching for it on the Internet. Please tell me in detail about changing the server certificate. I would be grateful for any other information related to the topic.

Reply With Quote
  #2  
Old 21-11-2010
Member
 
Join Date: Feb 2010
Posts: 524
Re: Changing server certificate in VPN

The CRL, or Certificate Revocation List, is, as its name indicates, an item containing all certificates that have been revoked, in other words those that are no longer valid. Therefore, to verify that the server certificate is still valid, the client computer must have access to the storage location of the CRL. For remote clients, it is usually a URL on a company web server. By default, the URL of the CRL has the form http://nameofyourserver.yourdomain/ ... while this name is not necessarily accessible from the Internet. It is interesting to change the address and put it in the form http://sstp.yourdomain/ ... to correspond with the URL of the VPN instance. This change must be made, if possible, prior to the issuance of the first server certificate, directly in the properties of the CA. After stating that the certificates have integrated this new data, and then forcing the first publication of the CRL, the problems should disappear.
Reply With Quote
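A check for the CRL reachability issue described in the post above, as an added example that is not part of the original thread: it reads the CRL distribution points from an exported copy of the server certificate and tries to download each one. It assumes Windows PowerShell and a hypothetical `-CertFile` path to a .cer export; run it from a client outside the company network to see what a remote SSTP client sees.

```powershell
# Added example: list the CRL distribution points in an exported server
# certificate and try to download each one from this machine.
param([Parameter(Mandatory)] [string] $CertFile)   # hypothetical path to a .cer export

$path = (Resolve-Path -LiteralPath $CertFile).Path
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $path

# OID 2.5.29.31 is the X.509 "CRL Distribution Points" extension.
$cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
if (-not $cdp) { throw "No CRL distribution point in $($cert.Subject)" }

# Format($true) renders the extension as text; extract every URL from it.
$urls = [regex]::Matches($cdp.Format($true), '(?i)\b(?:https?|ldap)://[^\s)]+') |
    ForEach-Object { $_.Value } | Sort-Object -Unique

foreach ($url in $urls) {
    $row = [pscustomobject]@{ Url = $url; Reachable = $false; Detail = '' }
    if ($url -notmatch '^(?i)https?://') {
        $row.Detail = 'not an HTTP URL; remote clients normally cannot reach it'
    } else {
        try {
            $resp = Invoke-WebRequest -Uri $url -UseBasicParsing -TimeoutSec 10
            $row.Reachable = ($resp.StatusCode -eq 200)
            $row.Detail = "HTTP $($resp.StatusCode), $($resp.RawContentLength) bytes"
        } catch {
            $row.Detail = $_.Exception.Message   # DNS failure, timeout, 404, ...
        }
    }
    $row
}
```

A row with `Reachable = False` for the only HTTP entry means remote clients cannot complete the revocation check against that certificate.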
  #3  
Old 21-11-2010
Member
 
Join Date: Feb 2010
Posts: 537
Re: Changing server certificate in VPN

Sometimes you have to change the certificate at the server level. Reasons include the corruption of the certification authority, or simply a change of the server's access FQDN, or a change of the URL where the CRL is published. If you need to replace it, do as follows:
  1. Delete the old certificate from the store and import the new one.
  2. Open a command prompt as administrator and enter these commands:
    • netsh http delete sslcert ipport=0.0.0.0:443 (this removes the link between the certificate and port 443)
    • netsh http delete sslcert ipport=[::]:443 (same for IPv6)
    • reg delete HKLM\SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters /v SHA256CertificateHash /f
If you have multiple server authentication certificates in the store, enter these two commands:
  • netsh http add sslcert ipport=0.0.0.0:443 certhash=[Thumbprint of the certificate without spaces] appid={ba195980-cd49-458b-9e23-c84ee0adcd75} certstorename=MY
  • netsh http add sslcert ipport=[::]:443 certhash=[Thumbprint of the certificate without spaces] appid={ba195980-cd49-458b-9e23-c84ee0adcd75} certstorename=MY
Reply With Quote
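A read-only verification to run after the steps in the post above, as an added example that is not part of the original thread. It assumes an elevated Windows PowerShell session on the VPN server, takes the new certificate's thumbprint as a placeholder parameter, and assumes that SHA256CertificateHash holds the SHA-256 hash of the DER-encoded certificate.

```powershell
# Added example: read-only check that the rebinding took effect.
param([Parameter(Mandatory)] [string] $Thumbprint)   # thumbprint of the NEW certificate

$want   = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
$issues = @()

# 1. The new certificate must be in the machine store, with its key, in date.
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $want }
if (-not $cert) {
    $issues += "certificate $want not found in LocalMachine\My"
} else {
    if (-not $cert.HasPrivateKey) { $issues += 'certificate has no private key' }
    if ($cert.NotAfter -lt (Get-Date)) { $issues += "certificate expired on $($cert.NotAfter)" }
}

# 2. Both HTTP.SYS listeners (IPv4 and IPv6) must be bound to that certificate.
#    The 40-hex-digit SHA-1 hash is matched directly, so the label language
#    of the netsh output does not matter.
foreach ($ipport in '0.0.0.0:443', '[::]:443') {
    $out   = (netsh http show sslcert "ipport=$ipport") -join "`n"
    $bound = [regex]::Match($out, '\b[0-9A-Fa-f]{40}\b').Value.ToUpper()
    if (-not $bound) { $issues += "no certificate bound to $ipport" }
    elseif ($bound -ne $want) { $issues += "$ipport is still bound to $bound" }
}

# 3. If the SSTP service has a cached SHA256CertificateHash, it must be the
#    SHA-256 of the new certificate (assumed meaning of the value).
$key    = 'HKLM:\SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters'
$cached = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).SHA256CertificateHash
if ($cached -and $cert) {
    $sha = [System.Security.Cryptography.SHA256]::Create().ComputeHash($cert.RawData)
    if ([BitConverter]::ToString([byte[]]$cached) -ne [BitConverter]::ToString($sha)) {
        $issues += 'SHA256CertificateHash in the registry does not match the new certificate'
    }
}

if ($issues) { $issues | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Output "SSTP listener bindings match certificate $want"
```

A warning for only one of the two listeners usually means the IPv6 binding was skipped, which leaves the old certificate served to IPv6 clients.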
  #4  
Old 21-11-2010
Member
 
Join Date: Feb 2010
Posts: 641
Re: Changing server certificate in VPN

OpenVPN is a solution that is based on SSL. This ensures two things at once, without needing a lot of client-side software:
  • authentication of client and server
  • securing the transmission channel
It allows, for example, troubleshooting NAT with IPSec, offering the same protection but without the constraints. The exchange of keys for data encryption in IPSec can be done in three ways:
  1. By hand: not very practical.
  2. IKE (Internet Key Exchange) is a protocol developed for IPSec. ISAKMP (Internet Security Association and Key Management Protocol) is the basis; its role is the establishment (negotiation and implementation), modification and deletion of SAs. It consists of two phases:
    • the first creates a secure (for Diffie-Hellman) and authenticated channel through which we exchange a secret key used to derive phase 2.
    • the second sets up IPSec with its parameters and an SA in each direction of communication. Data exchanged is protected through the channel established in phase 1.
Reply With Quote