How to Create Point-to-Site VPN Certificate for Azure VPN Gateway

1. Open PowerShell with admin privileges locally.

2. Use this example to generate the self-signed root certificate.

    # Self-signed root certificate, used only to sign client certificates (KeyUsage CertSign)
    $cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
        -Subject "CN=P2SRootCert" -KeyExportPolicy Exportable `
        -HashAlgorithm sha256 -KeyLength 2048 `
        -CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign

   The certificate is automatically installed under Certificates - Current User\Personal\Certificates in Certificate Manager. You can open Certificate Manager and view the certificate by running certmgr.msc from CMD.

3. With your PowerShell session still open, run the following example. The session must stay open because the command signs the client certificate with the root certificate held in $cert.

    # Client certificate signed by the root; 1.3.6.1.5.5.7.3.2 is the Client Authentication EKU
    New-SelfSignedCertificate -Type Custom -DnsName P2SClientCert -KeySpec Signature `
        -Subject "CN=P2SChildCert" -KeyExportPolicy Exportable `
        -HashAlgorithm sha256 -KeyLength 2048 `
        -CertStoreLocation "Cert:\CurrentUser\My" `
        -Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")

4. Export root certificate public key.

   - Run certmgr in PowerShell or CMD.
   - In Certmgr, right-click the root certificate and export it.
   - Save the root certificate in a location of your choice.
   - Open the root certificate with Notepad, copy the highlighted part of the certificate, and insert it into the public certificate data field under the Point-to-Site configuration settings in the Virtual Network Gateway in the Azure Portal.
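The following is an added example, not part of the original page: a PowerShell check to run after step 3 that confirms the client certificate really chains to the root and carries the Client Authentication EKU, then prints the root's public certificate data as Base64 for the portal field in step 4. It assumes the subject names from steps 2 and 3 and exactly one certificate per subject in Cert:\CurrentUser\My; the helper name Get-SingleCert is hypothetical.

```powershell
# Added example. Subjects match steps 2 and 3; adjust if you changed them.
$rootSubject   = 'CN=P2SRootCert'
$childSubject  = 'CN=P2SChildCert'
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU from step 3

function Get-SingleCert {               # hypothetical helper
    param([string]$Subject)
    $found = @(Get-ChildItem -Path 'Cert:\CurrentUser\My' |
               Where-Object { $_.Subject -eq $Subject })
    if ($found.Count -ne 1) {
        throw "Expected one certificate with subject '$Subject', found $($found.Count)."
    }
    return $found[0]
}

$root  = Get-SingleCert -Subject $rootSubject
$child = Get-SingleCert -Subject $childSubject

# 1. Build the chain and require that it ends at our root. The root is
#    self-signed and not in the trusted store, so an unknown CA is allowed
#    here and the chain end is pinned by thumbprint instead.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode    = 'NoCheck'
$chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
[void]$chain.ChainPolicy.ExtraStore.Add($root)
if (-not $chain.Build($child)) {
    throw "Chain build failed: $($chain.ChainStatus.StatusInformation -join '; ')"
}
$anchor = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
if ($anchor.Thumbprint -ne $root.Thumbprint) {
    throw "Client certificate chains to $($anchor.Subject), not to $rootSubject."
}

# 2. The client certificate must carry the Client Authentication EKU.
$eku = $child.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
$ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
if ($ekuOids -notcontains $clientAuthOid) {
    throw "Client certificate is missing EKU $clientAuthOid."
}

# 3. Export only the public certificate (DER, no private key) as one Base64 line.
$der = $root.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
[pscustomobject]@{
    RootThumbprint = $root.Thumbprint
    PublicCertData = [System.Convert]::ToBase64String($der)
} | Format-List
```

Both certificates were created with -KeyExportPolicy Exportable, so the root's private key can be exported from this user profile; only the public data printed above belongs in the Azure Portal.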