SSL Certificate for TMG 2010 SSTP VPN

[jamesfed]

Does anyone have a dummies guide as to setting up a SSL certificate request for a SSTP VPN connection using Forefront TMG 2010?
Setting up a normal cert request I can do fine however as I understand TMG 2010 is very specific about the way the certs are setup or you get a ‘Incorrect key type’ error for the Private key.

[DavidIrwin]

James,
I have not set this up with TMG, but when I played with Windows Server 2008 Direct Access I used our standard domain wildcard certificate on the DirectAccess server (externally issued by trusted CA) and all machines connected without any problems. So long as the certificate is stored within the Computer Account 's Personal certificates store and is valid with all required intermediate and root CA certificates installed you should not have to do anything else to make it work.

If you need further instructions for isntalling the certificate, etc please let me know.

Dave

[jamesfed]

Sorry old post already sorted

Should've put that down sooner.

Cheers!

[DavidIrwin]

James,
Thanks - do you mind sharing what the problem/solution was? We are migrating our systems to TMG at the moment, and I am interested to avoid this kind of problem :-)

Dave

[jamesfed]

Hi Dave,

It was just as you said - just needed to add the cert to the personal store of the machine. Also I created the request on one of our IIS servers so I had to import the GoDaddy cert on there first and then export it (with the private key) to get it on our TMG server.

James

[DavidIrwin]

Thank you. Most useful