The first step is to run the code below to create the new root and child certificates:
# Sign in to Azure (needed later for the P2S configuration steps).
connect-azaccount
# Self-signed root certificate; the private key stays in the current user's store and is only used to sign the child.
$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature -Subject "CN=P2SRoot2022" -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign
# Client (child) certificate signed by the root, with the Client Authentication EKU (1.3.6.1.5.5.7.3.2) the VPN client requires.
New-SelfSignedCertificate -Type Custom -DnsName P2SChildCert -KeySpec Signature -Subject "CN=P2SChild2022" -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My" -Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")
Once this is done, export the root certificate as a Base-64 encoded .cer without the private key, and then export the child certificate as a .pfx with the private key, protected by a password.
You then need to add the root .cer to the Azure P2S configuration: open the .cer file in a text editor, select and copy all the text between the following two lines
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
and paste that text into the Azure portal. Then import the child .pfx on the client system into the following certificate store location:
Current User\Personal\Certificates
That should be all that is needed, but sometimes it does not work. If you get error 798 in the VPN client, download the VPN client setup from the Azure portal again and install it over the top of the existing installation; this should correct that error.
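The export and paste steps above, as an added PowerShell example that is not part of the original post: it exports the root as a Base-64 .cer without the private key, the child as a password-protected .pfx, writes the Base-64 body the portal asks for to a text file, and checks the result. It assumes the subjects CN=P2SRoot2022 and CN=P2SChild2022 from the commands above and a hypothetical output folder C:\P2S.

```powershell
# Added example, not from the original post. Output folder is an assumption.
$outDir = "C:\P2S"
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Locate the two certificates created above in the current user's personal store.
$root  = Get-ChildItem -Path Cert:\CurrentUser\My | Where-Object { $_.Subject -eq "CN=P2SRoot2022" }  | Select-Object -First 1
$child = Get-ChildItem -Path Cert:\CurrentUser\My | Where-Object { $_.Subject -eq "CN=P2SChild2022" } | Select-Object -First 1
if (-not $root -or -not $child) { throw "Root or child certificate not found in Cert:\CurrentUser\My" }

# Root: public certificate only (X509ContentType::Cert never includes the private key).
# Wrap the DER bytes as Base-64 PEM so the text between BEGIN/END is what the portal expects.
$der = $root.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
$b64 = [System.Convert]::ToBase64String($der, [System.Base64FormattingOptions]::InsertLineBreaks)
$pem = "-----BEGIN CERTIFICATE-----`r`n$b64`r`n-----END CERTIFICATE-----"
Set-Content -Path (Join-Path $outDir "P2SRoot2022.cer") -Value $pem -Encoding ASCII

# The portal's "Public certificate data" field wants only the Base-64 body, on one line,
# without the BEGIN/END lines; this file is what gets pasted.
($b64 -replace "`r?`n", "") | Set-Content -Path (Join-Path $outDir "P2SRoot2022-portal.txt") -Encoding ASCII

# Child: private key included, protected by a password entered at run time
# (the same password is needed when importing the .pfx on the client).
$pfxPassword = Read-Host -Prompt "PFX password for P2SChild2022" -AsSecureString
Export-PfxCertificate -Cert $child -FilePath (Join-Path $outDir "P2SChild2022.pfx") -Password $pfxPassword | Out-Null

# Checks before touching the portal: the child must chain to the root, and the
# exported root must match the store copy and carry no private key.
if ($child.Issuer -ne $root.Subject) { throw "Child certificate was not issued by the root" }
$reloaded = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 (Join-Path $outDir "P2SRoot2022.cer")
if ($reloaded.HasPrivateKey) { throw "Root .cer unexpectedly contains a private key" }
if ($reloaded.Thumbprint -ne $root.Thumbprint) { throw "Exported root does not match the certificate in the store" }
Write-Host "Root exported to $outDir\P2SRoot2022.cer, portal text to P2SRoot2022-portal.txt, child to P2SChild2022.pfx"
```

Run it in the same user session that created the certificates, since New-SelfSignedCertificate placed them in Cert:\CurrentUser\My for that user only.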
Generate and export certificates for P2S: PowerShell - Azure VPN Gateway | Microsoft Learn
Install a Point-to-Site client certificate - Azure VPN Gateway | Microsoft Learn