Ricmedia PC Help

Tech guides for everyone

  • Home
  • Browsers +
    • Chrome
    • Chromium
    • Firefox
    • Internet Explorer
    • Microsoft Edge
    • Safari
    • Opera
    • Browsers (all)
  • Windows +
    • Windows 10
    • Windows 8/8.1
    • Windows 7
    • Windows Vista
    • Windows XP
    • Windows (all)
  • Other OS +
    • Linux
    • MAC OS X
    • Raspbian
    • Other OS (all)
  • MS Office +
    • Office 2013
    • Office 2010
    • Office 2007
  • Raspberry Pi
  • More +
    • Software
    • Networking
    • Hardware
    • Builds
    • Tools & Apps
    • Miscellaneous
    • Support +
      • Help
      • About
      • Sitemap
      • Contact
    • Legal +
      • Privacy
      • Terms
      • Disclaimer
      • Copyright
You are here: Home / Networking / Install X.509 Certificate for SSTP VPN on Windows

Install X.509 Certificate for SSTP VPN on Windows

February 14, 2017 By Richie 1 Comment

In this guide I will show you how to install an X.509 SSL encryption certificate (.crt) to connect to a VPN using the SSTP Protocol (aka MS-SSTP). SSTP is an excellent VPN protocol that easily traverses firewalls because it uses port 443 which is generally wide open to enable HTTPS secure web browsing. It’s also very fast for the same reason and offers good stability with minimal dropouts.

Before we begin there are a few requirements:

  • The X.509 security certificate file(s) available from your VPN provider or network admin
  • Administrator rights on your Windows PC (most accounts will have this)
  • *Note to Admins: the certificate name must match the hostname or the IP address of the server to work properly

Watch the video above or follow the text guide below.

Install X.509 Certificate for SSTP VPN

  1. Locate the X.509 .crt certificate files, unzip if required
  2. Click on the Start icon Windows 10 Start Icon bottom-left of your screen
  3. Type Run into the search box, then click the Run (Desktop app) result
  4. Now type MMC into the Open: text box, click Yes to allow the app to run
  5. The Microsoft Management Console window should now be open
  6. Go to File > Add/Remove Snap-in… then select Certificates and click Add >
  7. Select the Computer Account option, then click Next >
  8. Select the Local computer: (the computer this console is running on) option, then click Finish, then click OK to close the window
  9. On the left pane, expand folders to Certificates > Trusted Root Certification Authorities > Certificates
  10. Right click on Certificates, then click All tasks > Import (see below)Import X.509 Encryption Certificate on Microsoft Management Console
  11. In the Certificate Import Wizard, select the Local Machine option, then click Next
  12. Now click the Browse button and navigate to the downloaded certificate file (.crt) and double-click to select, then click Next
  13. Make sure that the Place all certificates in the following store: option is set to Trusted Root Certification Authorities (it’s usually the default) and click Next
  14. Now click Finish, then OK to the success alert message, finally close X the console window, choose No to the Save settings alert box
  15. You can now connect to the VPN server after setting up a new connection, see Connect VPN using SSTP on Windows (all versions) guide.

Fix Error: 0x800B0109

If you are trying to connect to a VPN using SSTP and keep getting Error 0x800B0109 on Windows XP/Vista/7 or “Error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider” error on Windows 8.1/10, this is because you need to install X.509 SSL encryption certificate(s) for the server(s) you’re connecting to. These will be available from your VPN service providers website in the form of vpn.myvpn.crt Certificate files. Once you have them, continue this guide to install (video further below).

Note for Admins: If you are also getting this error whilst setting up your servers, you need to make sure that when generating your .CRT Certificate files, the Name: field must match exactly the hostname or IP address of your server. For instance, if your server hostname is us.sfc.myvpn.com then enter this for the Name: field on your certificate. You can also put the IP address of your server too.

Fix A certificate chain processed but terminated in a root certificate which is not trusted by the trust provider error

Fix VPN SSTP error 0x800B0109

  • SSTP Protocol at Wikipedia
  • SSTP FAQ – Part 2: Client Specific – Microsoft TechNet
  • Search Google for SSTP

Filed Under: Networking, VPN, Windows, Windows 10, Windows 7, Windows 8/8.1, Windows Vista, Windows XP Tagged With: .CRT, Certificate, Encryption Certificate, Error: 0x800B0109, MS-SSTP, SSL-VPN, SSTP, Virtual Private Network, VPN, X.509

Trackbacks

  1. Connect VPN using SSTP on Windows (all versions) - Ricmedia PC Help says:
    June 22, 2020 at 4:12 am

    […] NOTE* If you keep getting Error: 0x800B0109 see this guide […]

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Help & Support • Legal, Terms & Privacy • Contact Details • Copyright ©2006- Ricmedia • Part of the Ricmedia group of websites   Part of the Ricmedia group of websites