Azure : Point to Site, from the Certificate Authority, what kind of certificates should be requested?
As a part of the POC, I followed the article https://www.ais.com/how-to-configure-point-to-site-vpn-connection-using-azure-certificate-authentication/ and configured Point-to-Site.
In summary: I have created the Root & Client Certificate and configured the Virtual Gateway
Here we are generating the root certificate
$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature -Subject "CN=VPNRoot" -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign
Here we are generating the client certificate from the root certificate
New-SelfSignedCertificate -Type Custom -DnsName VPNCert -KeySpec Signature -Subject "CN=VPNCert" -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My" -Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")
Now that it works, my goal is to replace the certificates ("Root" and "Client") with production ready certificates.
From the Certificate Authority, what kind of certificates should be requested?
Note: Our Azure Tenant is something like xyznp.onmicrosoft.com
Note that In Azure Point to Site, you can use a root certificate that was generated using an Enterprise solution, or you can generate a self-signed certificate.
Refer : About Azure Point-to-Site VPN connections - Azure VPN Gateway
When you are using the enterprise solution certificate chain in the root certificate, you should acquire the .cer file for the root certificate that want to use.
And generate a client certificate with the common name value format name@yourdomain.com. In your case it should be in the format xyznp@onmicrosoft.com
Refer : Connect to a VNet using P2S VPN & certificate authentication: portal - Azure VPN Gateway
NOTE : Verify the authentication order on the client certificate if you used a certificate that was issued by an Enterprise CA solution and but having trouble for authenticating.
- By double-clicking the client certificate, choosing the Details tab, and then selecting Enhanced Key Usage, you can verify the authentication list order like below.
Make sure Client Authentication is listed first. If it isn't, create a client certificate based on the user template with Client Authentication listed as the first item.
Refer: Connect to a VNet using P2S VPN & certificate authentication: portal - Azure VPN Gateway
- Should I share my website's SSL private key with CloudFlare to use its CDN service?
- npm install error - unable to get local issuer certificate
- How to fix ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1056)?
- Axum + TLS | How to specify config?
- Google Chrome localhost | NET::ERR_CERT_AUTHORITY_INVALID
- LDAPException(resultCode=8 (strong auth required), diagnosticMessage='BindSimple: Transport encryption required
- Configuring Django and MinIO using HTTPS on same server
- Cannot create developer certificate on Mac
- Creating .p12 truststore with openssl
- Unable to find valid certification path to requested target - error even after cert imported
- Python: how to get expired SSL cert date?
- ESP32 TLS cert update
- Using multiple SSL certificates in Tomcat 7
- SSL handshake failure in Java Agent (in HCL Notes 14)
- How to fix javax.net.ssl.SSLHandshakeException even though i have already added the certificate
- SSL configuration issue with RabbitMQ Web-Stomp Plugin
- How to Automatically Renew Let's Encrypt SSL Certificate on All-Inkl DNS and Google Cloud VM (Ubuntu)?
- Explicit SSL / TLS version selection
- Why is Firefox not trusting my self-signed certificate?
- Poetry install failing with SSLError: Max retries exceeded on GitHub HTTPSConnectionPool
- nginx SSL no start line: expecting: TRUSTED CERTIFICATE
- How can I tell git to ignore SSL errors only for one specific remote host?
- Coolify with CloudFlared & SSL/TLS HTTPS
- How to ignore SSL certificate errors in Apache HttpComponents HttpClient 5.1
- Python - requests.exceptions.SSLError - dh key too small
- PyMongo [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate
- FastAPI OAuth2 with ForgeRock: SSL Certificate Verification Issue
- SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
- nginx the "ssl" directive is deprecated, use the "listen ... ssl"
- Resolving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed Error?