Azure : Point to Site, from the Certificate Authority, what kind of certificates should be requested

Time:12-16

As a part of the POC, I followed the article https://www.ais.com/how-to-configure-point-to-site-vpn-connection-using-azure-certificate-authentication/ and configured Point-to-Site.

In summary: I have created the Root & Client Certificate and configured the Virtual Gateway

Here we are generating the root certificate

$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature -Subject "CN=VPNRoot" -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign

Here we are generating the client certificate from the root certificate

New-SelfSignedCertificate -Type Custom -DnsName VPNCert -KeySpec Signature -Subject "CN=VPNCert" -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My" -Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")

Now that it works, my goal is to replace the certificates ("Root" and "Client") with production-ready certificates.

From the Certificate Authority, what kind of certificates should be requested?

Note: Our Azure Tenant is something like xyznp.onmicrosoft.com

CodePudding user response:

Note that in Azure Point-to-Site, you can use a root certificate that was generated using an Enterprise solution, or you can generate a self-signed certificate.


Refer : About Azure Point-to-Site VPN connections - Azure VPN Gateway

When you are using the enterprise solution certificate chain for the root certificate, you should acquire the .cer file for the root certificate that you want to use.

Then generate a client certificate with the common name value in the format [email protected]. In your case it should be in the format [email protected]

Refer : Connect to a VNet using P2S VPN & certificate authentication: portal - Azure VPN Gateway

NOTE: Verify the authentication order on the client certificate if you used a certificate that was issued by an Enterprise CA solution and are having trouble authenticating.

  • By double-clicking the client certificate, choosing the Details tab, and then selecting Enhanced Key Usage, you can verify the authentication list order like below.


Make sure Client Authentication is listed first. If it isn't, create a client certificate based on the user template with Client Authentication listed as the first item.

Refer: Connect to a VNet using P2S VPN & certificate authentication: portal - Azure VPN Gateway
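The two checks the answer describes (Client Authentication listed first in Enhanced Key Usage, and the client certificate chaining to the intended root) can be scripted instead of read off the certificate dialog. This is an added example, not code from the question, the answer or Azure's documentation; it assumes the subjects CN=VPNRoot and CN=VPNCert from the commands above and that both certificates sit in Cert:\CurrentUser\My.

```powershell
# Added example: verify EKU order and chain of a P2S client certificate.
# OID 1.3.6.1.5.5.7.3.2 is Client Authentication (same OID used in the question).
$clientAuthOid = '1.3.6.1.5.5.7.3.2'

function Test-P2SClientCertificate {
    param(
        [Parameter(Mandatory)][System.Security.Cryptography.X509Certificates.X509Certificate2]$Client,
        [Parameter(Mandatory)][System.Security.Cryptography.X509Certificates.X509Certificate2]$Root
    )

    # 1. Enhanced Key Usage: read the OIDs in the order the extension lists them.
    $eku = $Client.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $ekuOids = @()
    if ($eku) { $ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }
    $clientAuthFirst = ($ekuOids.Count -gt 0 -and $ekuOids[0] -eq $clientAuthOid)

    # 2. Chain: build the chain with the expected root supplied as an extra store and
    #    confirm the anchor is that root. A self-signed test root is not in the trusted
    #    store, so AllowUnknownCertificateAuthority lets the chain build and we check
    #    the anchor thumbprint ourselves. Revocation is skipped for an offline check.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $chain.ChainPolicy.VerificationFlags = [System.Security.Cryptography.X509Certificates.X509VerificationFlags]::AllowUnknownCertificateAuthority
    [void]$chain.ChainPolicy.ExtraStore.Add($Root)
    $built = $chain.Build($Client)
    $chainsToRoot = $false
    if ($built -and $chain.ChainElements.Count -gt 0) {
        $anchor = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
        $chainsToRoot = ($anchor.Thumbprint -eq $Root.Thumbprint)
    }

    [pscustomobject]@{
        Subject         = $Client.Subject
        EkuOrder        = ($ekuOids -join ', ')
        ClientAuthFirst = $clientAuthFirst   # must be $true for P2S certificate auth
        ChainsToRoot    = $chainsToRoot      # must be $true against the root uploaded to Azure
        NotAfter        = $Client.NotAfter
    }
}

# Assumed subjects from the question; replace with your CA-issued certificates.
$root   = Get-ChildItem Cert:\CurrentUser\My | Where-Object Subject -eq 'CN=VPNRoot' | Select-Object -First 1
$client = Get-ChildItem Cert:\CurrentUser\My | Where-Object Subject -eq 'CN=VPNCert' | Select-Object -First 1
Test-P2SClientCertificate -Client $client -Root $root
```

For a CA-issued client certificate, point $root at the .cer of the enterprise root that was uploaded to the gateway; if ChainsToRoot is $false, the gateway will reject the client even when the EKU order is right.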
