2.2.1.2.140 SSTP_CERT_INFO_1

The SSTP_CERT_INFO_1 structure<127> contains the subject name of the X.509 certificates that will be configured by RRAS to be used in SSL/TLS negotiation as a part of the [MS-SSTP] protocol.


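 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+---------------------------------------------------------------+
|                           isDefault                           |
+---------------------------------------------------------------+
|                      certBlob (variable)                      |
+---------------------------------------------------------------+
|                              ...                              |
+---------------------------------------------------------------+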

isDefault (4 bytes): This value specifies how the SSTP certificate hash values are configured. Possible flag values are as follows.

Value    Meaning
-----    -------
TRUE     The RRAS server chooses a certificate hash automatically.
FALSE    The SSTP certificate hash values are configured by the administrator.

This value SHOULD be set to FALSE when sent. The RRAS server specifies TRUE for this value if the administrator has not configured the certificate and the default certificate selection logic is used. This value is FALSE if the administrator has configured the certificate.

certBlob (variable): This MUST be a CERT_BLOB_1. It contains the certificate hash length and the certificate hash. Only a SHA-256 hash is accepted as a valid hash; thus, the value of the length field SHOULD always be 32 [RFC2459]. Specifying a value of 0 for the cbData member of CERT_BLOB_1 removes the certificate configuration. In this case, the RRAS server uses its default certificate selection logic.
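The following added example (not part of the specification) builds and validates an SSTP_CERT_INFO_1 buffer according to the field rules above. It assumes a flat little-endian layout in which CERT_BLOB_1 is a 4-byte cbData followed by cbData hash bytes, and that the certificate hash is SHA-256 over the DER-encoded certificate; the function names and sample bytes are hypothetical.

```python
import hashlib
import struct

SHA256_LEN = 32  # the only hash length this section accepts
HEADER = struct.Struct("<II")  # ASSUMED layout: isDefault, then CERT_BLOB_1.cbData


def build_sstp_cert_info(cert_der, is_default=False):
    """Pack isDefault plus a CERT_BLOB_1 carrying the SHA-256 certificate hash.

    cert_der=None produces cbData == 0, which removes the configuration.
    is_default stays FALSE by default, as the section says it SHOULD when sent.
    """
    digest = hashlib.sha256(cert_der).digest() if cert_der else b""
    return HEADER.pack(int(is_default), len(digest)) + digest


def parse_sstp_cert_info(buf):
    """Check a buffer against the rules in this section and summarise it."""
    if len(buf) < HEADER.size:
        raise ValueError("buffer shorter than isDefault + cbData")
    is_default, cb_data = HEADER.unpack_from(buf)
    # Reject any length other than 0 (remove) or 32 (SHA-256), e.g. a 20-byte SHA-1.
    if cb_data not in (0, SHA256_LEN):
        raise ValueError(f"cbData={cb_data}: only a 32-byte SHA-256 hash is valid")
    # cbData must describe exactly the bytes that follow: no truncation, no trailer.
    if len(buf) != HEADER.size + cb_data:
        raise ValueError("buffer length does not match cbData")
    return {
        "is_default": bool(is_default),
        "action": "remove" if cb_data == 0 else "set",
        "hash": buf[HEADER.size:].hex(),
    }


# Constructed placeholder bytes standing in for a DER-encoded certificate.
SAMPLE_CERT_DER = b"constructed-sample-certificate-bytes"

if __name__ == "__main__":
    print(parse_sstp_cert_info(build_sstp_cert_info(SAMPLE_CERT_DER)))
    print(parse_sstp_cert_info(build_sstp_cert_info(None)))
```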