|
|
发表于 2012-9-13 14:54:39
|
显示全部楼层
我也找了好多资料,都没有设置成!主要是证书的原因,后来我找了一家证书公司试用了一个证书就可以连了,不过他们的证书要收费的。我就用找免费的证书,最终找到了startssl这个国外的证书颁发机构,这个网站没有中文的,我的E文也不好,参考了很多资料,但是中文的资料依然很匮乏,最后借助谷歌网页翻译算是弄完了。
申请完证书导入的时候跟openvpn的证书还不一样,必须在命令行下导入,很郁闷吧!这个也是参考ROS官方E文说明搞定的,中文的ROS教程讲的不清楚。
证书申请的网站:www.startssl.com 申请教程:http://www.chinaz.com/free/2010/1111/142581.shtml
导入教程:
Now its time to configure certificates for SSTP server. You can use StartSSL to get free browser-approved SSL certificates. You will need 4 files:
•ca.pem (StartSSL Root CA) – you get this one at StartSSL
•sub.class1.server.ca.pem (Class 1 Server SubCA) – you get this one at StartSSL
•your.mikrotik.pem (public certificate)
•your.mikrotik.key (private key)
You have to import these files by copying them to your MikroTik device (either via WinBox drag & drop into “Files” window or via FTP) and then doing something like:
/certificate import file-name=ca.pem
/certificate import file-name=sub.class1.server.ca.pem
/certificate import file-name=your.mikrotik.pem
/certificate import file-name=your.mikrotik.key
Except for your.mikrotik.key, you just hit ENTER when you are asked about the “passphrase”. For your.mikrotik.key, you must enter your private key password, if the key is encrypted. If it is not, you can just hit ENTER as well.
Now you can just do some configuration on this certificates you just imported:
/certificate set cert1 name="StartSSL CA"
/certificate set cert2 name="StartSSL Class 1 Server SubCA"
/certificate set cert3 ca=no
/certificate set cert3 name="your.mikrotik"
E文教程网址:http://nejc.skoberne.net/2011/03 ... bs-2008-nps-radius/
希望大家少走点弯路吧!
不过ROS的SSTP不支持winxp,只支持vista sp1和win7 |
|
|Archiver|手机版|小黑屋|软路由
( 渝ICP备15001194号-1|
渝公网安备 50011602500124号 )
IP卡
狗仔卡
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
显身卡
发表于 2011-12-27 17:12:21
