Thursday 16 March 2023

Quick guide Azure point to site VPN certificates generation and installation

The first step is to run the PowerShell below to make your new certificates: a self-signed root, then a client (child) certificate signed by that root.

Connect-AzAccount

# Self-signed root certificate; the CertSign key usage lets it sign the client certificate
$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature -Subject "CN=P2SRoot2022" -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign

# Client certificate signed by the root; the TextExtension adds the Client Authentication EKU (1.3.6.1.5.5.7.3.2)
New-SelfSignedCertificate -Type Custom -DnsName P2SChildCert -KeySpec Signature -Subject "CN=P2SChild2022" -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My" -Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")

Once this is done, you need to export the root as a .cer without the private key, and then the child as a .pfx with the private key and a password.

You then need to add the root .cer to the Azure P2S config by opening the .cer file and selecting and copying all the text between the following lines

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

and pasting that text into the Azure portal. Then import the child .pfx into the client system in the following location

Current User\Personal\Certificates

This should be it, but sometimes it does not work. If you get error 798 in the client, download the VPN client setup from the Azure portal and install it over the top of itself; this should correct that error.
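As an added example (not code from the original post), the steps above in one script: it creates the root and client certificates, writes the root as a Base-64 .cer plus a copy of just the text between the BEGIN/END lines for pasting into the portal, exports the client as a password-protected .pfx, and checks the client certificate before you install it. It assumes Windows PowerShell with the PKI module; the output folder and file names are placeholders.

```powershell
# Added example, not from the original post. Assumes Windows PowerShell with the PKI module.
# Placeholder output folder; change as needed.
$OutDir = "$env:USERPROFILE\P2SCerts"
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Self-signed root used only to sign client certificates (CertSign key usage).
$root = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject "CN=P2SRoot2022" -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -KeyUsageProperty Sign -KeyUsage CertSign

# Client certificate signed by the root, with the Client Authentication EKU (1.3.6.1.5.5.7.3.2).
$child = New-SelfSignedCertificate -Type Custom -DnsName P2SChildCert -KeySpec Signature `
    -Subject "CN=P2SChild2022" -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation "Cert:\CurrentUser\My" -Signer $root `
    -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")

# Root public certificate only (no private key). Export() gives DER bytes, so build the
# Base-64 .cer (PEM) form by hand, which is the form you open and copy from.
$rootDer = $root.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
$rootB64 = [Convert]::ToBase64String($rootDer, [System.Base64FormattingOptions]::InsertLineBreaks)
$pem = "-----BEGIN CERTIFICATE-----`r`n$rootB64`r`n-----END CERTIFICATE-----"
Set-Content -Path "$OutDir\P2SRoot.cer" -Value $pem -Encoding Ascii

# Only the text between the BEGIN/END lines is pasted into the portal; save that on one line.
Set-Content -Path "$OutDir\P2SRoot-portal.txt" -Value ($rootB64 -replace "`r?`n", "") -Encoding Ascii

# Client certificate with its private key, as a password-protected PFX for the client machine.
$pfxPassword = Read-Host -AsSecureString -Prompt "PFX password"
Export-PfxCertificate -Cert $child -FilePath "$OutDir\P2SChild.pfx" -Password $pfxPassword | Out-Null

# Sanity checks before installing: the client must be issued by the root and carry the
# Client Authentication EKU, otherwise the VPN client will reject or not find it.
if ($child.Issuer -ne $root.Subject) { throw "Client certificate is not issued by the P2S root" }
$eku = $child.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
if (-not $eku -or -not ($eku.EnhancedKeyUsages | Where-Object Value -eq '1.3.6.1.5.5.7.3.2')) {
    throw "Client certificate is missing the Client Authentication EKU"
}
Write-Host "Root: $OutDir\P2SRoot.cer  Portal text: $OutDir\P2SRoot-portal.txt  Client: $OutDir\P2SChild.pfx"
```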

Generate and export certificates for P2S: PowerShell - Azure VPN Gateway | Microsoft Learn

Install a Point-to-Site client certificate - Azure VPN Gateway | Microsoft Learn
