VPN issues after new SSL cert installed

https://support.microsoft.com/en-us/help/947026/how-an-iis-web-server-and-a-secure-socket-tunneling-protocol-sstp-base

Now, VPN clients can establish VPN connections to the SSTP-based Routing and Remote Access server by using the same certificate.
To replace the certificate hash value of the SSTP-based Routing and Remote Access server certificate with the certificate hash value of the IIS Web server certificate, follow these steps:

  1. Obtain the Sha256 hash value for the IIS Web server certificate. You can obtain the hash value from the error message that is logged in the System event log of the VPN client. For example, the Sha256 hash value may resemble the following hash value:

    d075f96f979fd4df20f3fdf7a5335807879ca627e5f3fc0bab7a7ac067c831c6

  2. Open an elevated command prompt on the VPN server.
  3. At the command prompt, type the following command, and then press ENTER to configure the Sha256CertificateHash registry key value for the SSTP service:

    reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters /v SHA256CertificateHash /t REG_BINARY /d d075f96f979fd4df20f3fdf7a5335807879ca627e5f3fc0bab7a7ac067c831c6 /f

  4. At the command prompt, type the following commands one at a time, and then press ENTER to restart the Routing and Remote Access service:

    net stop sstpsvc /y
    net start remoteaccess

  5. At the command prompt, type exit, and then press ENTER to close the command prompt.

Now, VPN clients can establish VPN connections to the SSTP-based Routing and Remote Access server by using the IIS Web server certificate.

Back to Top