How to Setup SSTP VPN Client in Windows Using Certificate from Mikrotik
Setting SSTP VPN Client in Windows is more complicated than setting a PPTP VPN Client. This happens because the use of SSTP VPN is much more secure (secure) than PPTP VPN, where the SSTP VPN connection in Windows must use SSL Certificate (Secure Sockets Layer). Another thing with PPTP VPN that does not need to bother using SSL Certificate, just a little setting can already connect.
In this Mikrotik Tutorial, we will discuss Tutorial How to Setting SSTP VPN Client in Windows 10 by first create SSL Certificate from Mikrotik Device. Before proceeding to this Tutorial, make sure you have read the previous Mikrotik Tutorial about:
Creating SSL Certificates CA, Server, and Client in Mikrotik
1. Create an SSL Certificate in Mikrotik for CA (Certificate Authority). Go to System Menu -> Certificates -> Add new certificate with detail as below:


Noteworthy is the Name and Common Name (CN) fields.
- In the column, Name fill CA.
- In the Common Name, field fill in the IP Address (public) or domain name of the SMTP Server.
- For other columns please tailored to your respective data
2. Create an SSL Certificate for Client and Server. The way is the same as the first step, just replace the Name and Common Name.

3. Sign the third SSL Certificate by clicking the Sign option on each certificate.
SSL CA Certificate Sign:
At the time of sign, in the Certificate column select, CA -> Column CA CRL Host fill in the Public Address IP or domain name SSTP Server

Sign Certificate SSL Server:
At sign in, in the Certificate field select Server -> CA column: select CA -> CA CRL Host: empty

3. After Certificate in Sign, make sure everything is already marked T which means Trusted. If not, go to its certificate -> check Trusted

4. Export Certificate of CA and its Client. Right, click on Certificate -> select Export option.

5. The Export Certificate results will appear in the Files menu with the .crt extension. Copy the Certificate file to the computer.

6. Paste the Certificate file to one of the Folders on the Computer. Then Install both the Certificate by right click -> Install Certificate
7. Create the DHCP VPN IP Pool :

8. Create the PPP Profile

9. Create a PPP secret (user/client)

10. Configre and enable the SSTP server:
11.Create SSTP firewall filter and nat rules
Select [IP > Firewall]
In this example, keep in mind that once the VPN is established, the VPN client(s) will be pulling IP addresses from the previously created DHCP VPN IP Pool (10.10.100.10 – 10.10.100.254).
WINDOWS 10: INSTALL THE “CA” CERTIFICATE
We’ve completed the SSTP VPN setup for SiteX on the Mikrotik and will now need to configure the VPN on the client-side for ClientX’s Windows 10 machine. Earlier in this guide, we exported the “CA” certificate using the MikroTik at SiteX.
- In Winbox, select Files on the left-hand side. If you’ve been following the naming conventions of this guide, the file should be named “cert_export_CA.crt”. Drag or Download (right-click > download) the file to a safe location on your computer.
- Now that the CA certificate has been downloaded from the MikroTik, we will need to transfer the certificate to ClientX’s Windows 10 machine, I’ll let you decide how this is done.
- After transferring the CA certificate to ClientX, right-click on the certificate and select “Install Certificate” from the context menu and use the following screenshots below to complete the CA certificate setup for ClientX’s SSTP VPN: