Saturday, May 4, 2013

Disable SSTP Certificate Revocation Check

Windows 7 supports a number of different VPN protocols. PPTP and IKE can be problematic when attempting to connect through a router that is performing NAT. SSTP gets around that problem by tunneling over an SSL session.

To use SSTP, the server must have a certificate whose subject name matches the hostname the client connects to, and the CRL URL in that certificate must be reachable by the client. Neither is always easy to accomplish when using a self-signed certificate. In my case I had everything working except for the CRL URL. The client was unable to check the CRL, so it rejected the connection. An interesting form of Denial of Service could be implemented by denying access to CRLs, but that is a bit of a digression.

On the client computer, create a DWORD value named NoCertRevocationCheck under HKLM\System\CurrentControlSet\Services\Sstpsvc\Parameters and set its value to 1. This will disable the certificate revocation check and enable the connection to proceed.
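The registry change above as a PowerShell script with an audit function, so the state can be recorded before and after the change (an added example, not part of the original post). It assumes an elevated PowerShell session on the Windows client; the function names are my own.

```powershell
# Added example (not from the original post): toggle and audit the SSTP client's
# certificate revocation check via the registry value described above.
# Assumption: run from an elevated (Administrator) PowerShell session on the client.

$SstpParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters'
$ValueName  = 'NoCertRevocationCheck'

function Get-SstpRevocationCheckState {
    # Returns 'Disabled' when the value exists and is 1; 'Enabled' when it is absent or 0.
    $item = Get-ItemProperty -Path $SstpParams -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -ne $item -and $item.$ValueName -eq 1) { return 'Disabled' }
    return 'Enabled'
}

function Disable-SstpRevocationCheck {
    # Create (or overwrite) the DWORD with value 1, as the post describes.
    if (-not (Test-Path $SstpParams)) { New-Item -Path $SstpParams -Force | Out-Null }
    New-ItemProperty -Path $SstpParams -Name $ValueName -PropertyType DWord -Value 1 -Force | Out-Null
}

function Enable-SstpRevocationCheck {
    # Undo: remove the value so the default behaviour (revocation checking on) applies again.
    Remove-ItemProperty -Path $SstpParams -Name $ValueName -ErrorAction SilentlyContinue
}

# Record the state on either side of the change so it is auditable.
"Before: $(Get-SstpRevocationCheckState)"
Disable-SstpRevocationCheck
"After:  $(Get-SstpRevocationCheckState)"
```

Get-SstpRevocationCheckState is also usable on its own to find clients where revocation checking has been left switched off after the CRL problem is fixed.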
