This video goes over how to deploy an Azure VNet Gateway on an existing VNet and enable Point-to-Site (P2S) VPN connections. A P2S connection lets individual clients connect securely to the Azure gateway and reach resources on the private VNet. The video then demonstrates how to create a root certificate and client certificates to use for authentication. Finally, it shows how to configure the VPN client and how to block a client by revoking its certificate.
The PowerShell commands referenced in the video are located below:
# Create the root cert: self-signed, stored in the current user's store; the gateway trusts any client cert chained to it
$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject "CN=WestP2SRootCert" -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -KeyUsageProperty Sign -KeyUsage CertSign

# Create a client cert signed by the root; extension 2.5.29.37 sets the Client Authentication EKU (1.3.6.1.5.5.7.3.2)
New-SelfSignedCertificate -Type Custom -DnsName P2SChildCert -KeySpec Signature `
    -Subject "CN=WestP2SClientCert1" -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")
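The following is an added example, not code from the video, that carries the same workflow a step further: it looks the root certificate up in the store by subject (so it works in a fresh PowerShell session where $cert no longer exists), exports the root's public data in the exact form the portal expects, issues a client certificate per user, and records the thumbprint needed to revoke that client later. The resource group and gateway names are placeholders, and the Az cmdlet call is left commented out because it needs an authenticated Az session.

```powershell
# Added example; assumed placeholders: resource group "RG-PLACEHOLDER", gateway "GW-PLACEHOLDER".
$rootSubject = "CN=WestP2SRootCert"

# Find the root by subject instead of relying on $cert from an earlier session.
# -Signer fails with "Value cannot be null" when $cert is empty, and signing
# also needs the private key, so require HasPrivateKey.
$root = Get-ChildItem -Path Cert:\CurrentUser\My |
    Where-Object { $_.Subject -eq $rootSubject -and $_.HasPrivateKey } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $root) { throw "Root cert '$rootSubject' with a private key was not found." }

# Public certificate data for the portal (or Add-AzVpnClientRootCertificate):
# Base64 of the DER bytes only, with no BEGIN/END lines and no whitespace.
$publicCertData = [Convert]::ToBase64String($root.RawData)
Set-Content -Path .\WestP2SRootCert.b64 -Value $publicCertData -NoNewline

# Issue one client cert per user, signed by the root, with the Client Authentication EKU.
function New-P2SClientCert {
    param([Parameter(Mandatory)][string]$Name)
    New-SelfSignedCertificate -Type Custom -DnsName $Name -KeySpec Signature `
        -Subject "CN=$Name" -KeyExportPolicy Exportable `
        -HashAlgorithm sha256 -KeyLength 2048 `
        -CertStoreLocation "Cert:\CurrentUser\My" `
        -Signer $root -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")
}
$clientName = "WestP2SClientCert2"
$client = New-P2SClientCert -Name $clientName

# Export the client cert with its private key for installation on the user's device.
$pfxPassword = Read-Host -AsSecureString -Prompt "PFX password"
Export-PfxCertificate -Cert $client -FilePath ".\$clientName.pfx" -Password $pfxPassword | Out-Null

# Azure blocks a client by thumbprint on the gateway, so record it at issue time;
# revocation then does not depend on still having the certificate object.
"$clientName,$($client.Thumbprint)" | Add-Content -Path .\issued-clients.csv

# Revoke (requires Az.Network and Connect-AzAccount); uncomment to run:
# Add-AzVpnClientRevokedCertificate -VpnClientRevokedCertificateName $clientName `
#     -VirtualNetworkGatewayName "GW-PLACEHOLDER" -ResourceGroupName "RG-PLACEHOLDER" `
#     -Thumbprint $client.Thumbprint
```

Keep the root certificate's private key off the client devices; only the client PFX files are distributed, and only the root's Base64 public data goes to the gateway.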
5 thoughts on “Azure Point-to-Site VPN with Certificate Based Authentication”
Is it possible to use a public CA certificate for this?
Yes.
I need to create more P2SChildCert certificates, but I get this error:
New-SelfSignedCertificate : Cannot bind parameter 'Signer' to the target. Exception setting "Signer": "Value cannot be
null.
Parameter name: Signer"
At line:6 char:9
+ -Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")
+ ~~~~~
+ CategoryInfo : WriteError: (:) [New-SelfSignedCertificate], ParameterBindingException
+ FullyQualifiedErrorId : ParameterBindingFailed,Microsoft.CertificateServices.Commands.NewSelfSignedCertificateCommand
Excellent tutorial! Thank you! To make future ones even better, I’d suggest adding a brief “why are we doing this” before each step.
One gotcha that I hit: pasting the public cert into the portal was including a space character, and the portal does not ignore them as it “should”. I suspect my use of NotePad2 was the issue. The result was failure to connect, error 0x8007274c. Re-pasting with no spaces solved it.