Storing a Windows 7 CA Certificate

While the connecting user is authenticated with Username/Password using MSCHAPv2,
the gateway is authenticated in advance using Certificates.

To install the trusted CA certificate locally, call up the Microsoft Management Console (mmc) and add the Certificates Snap-In:

It is of the utmost importance that you select Computer account:

Go into the Certificates (Local Computer) / Trusted Root Certification Authorities / Certificates folder

and select the Import action which will start the Certificate Import Wizard:

Never double-click on a certificate file because the content will end
up in the current user instead of the local computer part of the Windows registry
and will not be available for IPsec.

Select the Root CA certificate file to be imported and install it in the Trusted Root Certification Authorities