I recently set up an SSTP VPN on a Server 2016 RAS.
The clients connect fine, but only if, when prompted with the message "Continue connecting? We don't have enough info to validate the server. You can still connect if you trust this server", you click to continue.
My assumption is that this error is due to a failure to validate the cert due to an inability to contact any kind of CRL. Does this sound correct?
So I have set up an OCSP and this is working fine internally when using the FQDN (of the server hosting the OCSP responder role) and also when using my external domain name from machines outside the LAN, but when I use the external domain name from inside the LAN it does not work (this might be an issue with my router config).
Do I need to have a single URL that works both internally and externally, or can I create two different URLs in the AIA settings on the Cert Authority - one that is LAN resolvable and one WAN resolvable?