You are the administrator of a Windows Essential Business Server 2008 environment. You want to configure Secure Socket Tunneling Protocol (SSTP) to allow remote users to connect to the company’s network. You are in the process of installing certificates.
Which two actions should you perform? (Choose two. Each correct answer presents part of the solution.)
A.
Install a server certificate on the SSTP server in the Personal certificate store.
B.
Install a server certificate on the SSTP server in the Trusted Root Certification Authorities certificate store.
C.
Obtain a CA certificate from the same CA that issued the SSTP server’s server certificate. Install the CA certificate in the Personal certificate store on the client computer.
D.
Obtain a CA certificate from the same CA that issued the SSTP server’s server certificate. Install the CA certificate in the Trusted Root Certification Authorities certificate store on the client computer.
Explanation:
You should install a server certificate on the SSTP server in the Personal certificate store, obtain a CA certificate from the same CA that issued the SSTP server’s server certificate, and install the CA certificate in the Trusted Root Certification Authorities certificate store on the client computer. SSTP is a new VPN protocol supported by Windows Vista and Windows Server 2008. SSTP uses SSL-encrypted HTTP connections to establish a VPN connection to the VPN gateway. The SSTP server must have a server certificate with the Server Authentication installed in the Personal certificate store. This server certificate is used by the SSTP client to authenticate the SSTP server when the Secure Sockets Layer (SSL) session is established. The SSTP client validates the server certificate of the SSTP server. To trust the server certificate, the root CA certificate of the CA that issued the server certificate to the SSTP server must be installed in the Trusted Root Certification Authorities certificate store on the SSTP client.You should not install a server certificate on the SSTP server in the Trusted Root Certification Authorities certificate store because the server certificate must be installed in the Personal certificate store on the SSTP server.
You should not install the CA certificate in the Personal certificate store on the client computer because this will not allow the client computer to trust the server certificate installed on the SSTP server. To enable the client computer to trust the SSTP certificate, the CA certificate must be installed in the Trusted Root Certification Authorities certificate store on the client computer.