VPN SSTP
Cannot check revocation list or revocation server is offline.

Check IIS for CRL

Solution:

After modifying the CA extension, I renew the CA certificate.


Click “View Certificate” button and copy the CA certificate to a file, e.g. ca.cer.
Import the CA certificate into Trusted Root Certificate Authorities of GPO.
Request a new domain controller certificate (Routing and Remote Access server) and a new computer certificate for the client.

Run certutil
certutil -url http://msir2.test.com/CertEnroll/test-MSIR2-CA(1).crl

From W7.test.com client computer, create a VPN connection and specify the Security with SSTP

SSTP connection is established.