title | titleSuffix | description | author | ms.service | ms.topic | ms.date | ms.author |
---|---|---|---|---|---|---|---|
Generate and export certificates for P2S: PowerShell | Azure VPN Gateway | Learn how to create a self-signed root certificate, export a public key, and generate client certificates for VPN Gateway point-to-site connections. | cherylmc | azure-vpn-gateway | how-to | 06/24/2024 | cherylmc |
This article shows you how to create a self-signed root certificate and generate client certificates using PowerShell on Windows 10 or later, or Windows Server 2016 or later. The steps in this article help you create .pfx and .cer files. If you don't have a Windows computer, you can use a small Windows VM as a workaround.
The PowerShell cmdlets that you use to generate certificates are part of the operating system and don't work on other versions of Windows. The host operating system is only used to generate the certificates. Once the certificates are generated, you can upload them or install them on any supported client operating system.
If you don't have a computer that meets the operating system requirement, you can use MakeCert to generate certificates. The certificates that you generate using either method can be installed on any supported client operating system.
[!INCLUDE Generate and export - this include is for both vpn-gateway and virtual-wan]
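The flow this article describes (self-signed root, client certificate signed by that root, exported .cer and .pfx files), shown as an added PowerShell example that is not part of the original article. The subject names, validity periods, and output paths are assumptions chosen for illustration.

```powershell
# Added example. Subject names, lifetimes, and file paths are assumptions.
$store = 'Cert:\CurrentUser\My'

# 1. Self-signed root certificate whose key may only sign certificates.
$rootParams = @{
    Type              = 'Custom'
    Subject           = 'CN=P2SRootCert'          # assumed name
    KeySpec           = 'Signature'
    KeyExportPolicy   = 'Exportable'
    KeyUsage          = 'CertSign'
    KeyUsageProperty  = 'Sign'
    KeyLength         = 2048
    HashAlgorithm     = 'sha256'
    NotAfter          = (Get-Date).AddMonths(24)  # assumed lifetime
    CertStoreLocation = $store
}
$root = New-SelfSignedCertificate @rootParams

# 2. Client certificate signed by the root, restricted to the
#    Client Authentication EKU (OID 1.3.6.1.5.5.7.3.2).
$clientParams = @{
    Type              = 'Custom'
    Subject           = 'CN=P2SChildCert'         # assumed name
    DnsName           = 'P2SChildCert'
    KeySpec           = 'Signature'
    KeyExportPolicy   = 'Exportable'
    KeyLength         = 2048
    HashAlgorithm     = 'sha256'
    NotAfter          = (Get-Date).AddMonths(18)  # assumed lifetime
    CertStoreLocation = $store
    Signer            = $root
    TextExtension     = @('2.5.29.37={text}1.3.6.1.5.5.7.3.2')
}
$client = New-SelfSignedCertificate @clientParams

# 3. Export the root's public certificate as Base64-encoded X.509 (.cer).
#    RawData holds the certificate only, never the private key.
$b64 = [Convert]::ToBase64String($root.RawData, 'InsertLineBreaks')
$pem = "-----BEGIN CERTIFICATE-----`r`n$b64`r`n-----END CERTIFICATE-----"
Set-Content -Path "$env:USERPROFILE\P2SRootCert.cer" -Value $pem -Encoding Ascii

# 4. Export the client certificate with its private key as a
#    password-protected .pfx for installation on the client computer.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
Export-PfxCertificate -Cert $client -FilePath "$env:USERPROFILE\P2SChildCert.pfx" -Password $pfxPassword | Out-Null

# 5. Confirm the client certificate was issued by the root.
"Issuer: $($client.Issuer)  Expires: $($client.NotAfter)  Thumbprint: $($client.Thumbprint)"
```

The .cer file contains only the root's public certificate, while the .pfx carries the client's private key, so store and transfer the .pfx as a secret and keep the root's private key on the machine that generated it.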
Each client that connects over a P2S connection requires a client certificate to be installed locally. To install a client certificate, see Install a client certificate for point-to-site connections.
Continue with your point-to-site configuration.
- For Resource Manager deployment model steps, see Configure P2S using native Azure certificate authentication.
- For classic deployment model steps, see Configure a point-to-site VPN connection to a VNet (classic).