How to Disable Revocation Check for SSTP VPN

Disabling the certificate revocation check can expose your VPN connection to security risks, as it will not verify if the VPN server certificate has been revoked.
Make sure this is a last-resort action if you’re experiencing issues with certificate revocation checks and you understand the potential security implications.

To disable the certificate revocation check for an SSTP (Secure Socket Tunnelling Protocol) VPN on a Windows machine, you can follow these steps:

Open Group Policy Editor:
- Press Win + R, type gpedit.msc, and press Enter.
Navigate to the following location:
- Computer Configuration > Administrative Templates > Network > SSL Configuration Settings.
Disable Revocation Check:
- In the right pane, find the setting Turn off certificate revocation check.
- Double-click the setting and set it to Enabled.
Apply the Settings:
- Click OK to apply the changes and close the Group Policy Editor.

Open the Registry Editor:
- Press Win + R, type regedit, and press Enter.
Navigate to the following registry key:
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters
Add a new DWORD value:
- Right-click in the right pane and choose New > DWORD (32-bit) Value.
- Name the new DWORD NoCertRevocationCheck.
Set the Value:
- Double-click the NoCertRevocationCheck DWORD and set the value to 1 (this disables the revocation check).
- Click OK.
Restart the SSTP Service:
- You can either restart the computer or restart the SSTP service via the command line:
  - Open Command Prompt as an administrator and run the following command:
    net stop SstpSvc && net start SstpSvc

Open PowerShell as Administrator.
Run the following command to disable the certificate revocation check for SSTP VPN:
PowerShell command
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters' -Name 'NoCertRevocationCheck' -Value 1
Restart the SSTP Service:
PowerShell Command
Restart-Service SstpSvc

Related Knowledge Base Posts -