This video goes over how to deploy an Azure VNet Gateway on an existing VNet and enable Point-to-Site (P2S) VPN connections. A P2S connection allows clients to connect securely to an Azure Gateway and access resources on the private VNet. The video goes on to demonstrate how to create a root certificate and client certificates to use for authentication. After that, configuring the client is demonstrated as well as blocking a client by revoking a certificate.
The PowerShell commands referenced in the video are located below:
#Create the root cert
$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
-Subject "CN=WestP2SRootCert" -KeyExportPolicy Exportable `
-HashAlgorithm sha256 -KeyLength 2048 `
-CertStoreLocation "Cert:\CurrentUser\My" `
-KeyUsageProperty Sign -KeyUsage CertSign
# Create Client Cert
New-SelfSignedCertificate -Type Custom -DnsName P2SChildCert -KeySpec Signature `
-Subject "CN=WestP2SClientCert1" -KeyExportPolicy Exportable `
-HashAlgorithm sha256 -KeyLength 2048 `
-CertStoreLocation "Cert:\CurrentUser\My" `
-Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")
is it possible to use public CA certificate for this ?
yes
I need to create more P2SChildCert, but get that error:
New-SelfSignedCertificate : Cannot bind parameter ‘Signer’ to the target. Exception setting “Signer”: “Value cannot be
null.
Parameter name: Signer”
At line:6 char:9
+ -Signer $cert -TextExtension @(“2.5.29.37={text}1.3.6.1.5.5.7.3.2”)
+ ~~~~~
+ CategoryInfo : WriteError: (:) [New-SelfSignedCertificate], ParameterBindingException
+ FullyQualifiedErrorId : ParameterBindingFailed,Microsoft.CertificateServices.Commands.NewSelfSignedCertificateCo
mmand