Windows 10 SSTP with self-signed certificates


I can’t seem to get the Windows 10 sstp client to connect to the (router) sstp server

I have tried numerous combinations when creating my self signed certificates (ca & server) but I have to admit that I’m a little stumped

CA : https://prnt.sc/rqtkhv + https://prnt.sc/rqtks0 Server : https://prnt.sc/rqtls4 + https://prnt.sc/rqtm0y

Windows 10 : https://prnt.sc/rqtxsq + https://prnt.sc/rqtyfm

Q1) When installing the certificate in Windows I usually select [Local Computer] certificate store rather than [current user]. Is it normal for Windows to also install a copy in the [current user] store ? If so what is the point of this duplicate certificate installation ?

Q2) When installing the certificate into the “Trusted Root Certificate Authorities” for [current user] I obtain the following warning : https://prnt.sc/rqtoyb – why don’t I get this same warning when installing via [Local Computer] ?

Q3) What is the meaning of the yellow triangle with exclamation mark on both [Basic Constraints] and [Key Usage] ? https://prnt.sc/rqtzj0 + https://prnt.sc/rqtzut

Q4) Why doesn’t the SSTP client (https://prnt.sc/rqu1r5) detect the presence of the previously installed (sstp server’s ca) certificate ? https://prnt.sc/rqu0o0

Q5) I feel like my multiple certificate installation attempts may have ‘polluted’ my Windows’ certificate store. Is this possible ? If so is there a way to ‘clean up’ the certificate store (besides manually deleting unwanted certificates) ?

Q6) I believe that this used to work with Windows 10 before but, maybe because of the regular updates, things seem to have changed ?

regards yann