Difference between revisions of "Azure/VPN"
From SETV Springfield Technical Wiki
m |
m (→Point-to-Site) |
||
| Line 6: | Line 6: | ||
=== Create Self-Signed Root Certificate === | === Create Self-Signed Root Certificate === | ||
You need to use [[PowerShell]] to create the certificates. | You need to use [[PowerShell]] to create the certificates. | ||
| − | + | * Run PowerShell as Admin | |
| − | + | * Run this command clanging "P25RootCert" to a a static name | |
$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature ` | $cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature ` | ||
-Subject "CN=P2SRootCert" -KeyExportPolicy Exportable ` -HashAlgorithm sha256 -KeyLength 2048 ` | -Subject "CN=P2SRootCert" -KeyExportPolicy Exportable ` -HashAlgorithm sha256 -KeyLength 2048 ` | ||
-CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign | -CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign | ||
| − | + | * Export the Key run <code>certmgr.msc</code> | |
| − | + | * Navigate to <code>'Certificates - Current User\Personal\Certificates'</code>, and right-click. Click All Tasks, and then click Export. | |
| − | + | * Export format as <code>Base-64 encoded X.509 (.CER)</code> | |
| − | + | ||
| + | === Generate Client Certificate === | ||
| + | <code>Get-ChildItem -Path “Cert:\CurrentUser\My”</code> | ||
| + | Find your Root Cert and copy the {Thumbprint} | ||
| + | <code>$cert = Get-ChildItem -Path "Cert:\CurrentUser\My\{THUMBPRINT}"</code> | ||
| + | |||
| + | <code>New-SelfSignedCertificate -Type Custom -KeySpec Signature ` | ||
| + | -Subject "CN=P2SChildCert" -KeyExportPolicy Exportable ` | ||
| + | -HashAlgorithm sha256 -KeyLength 2048 ` | ||
| + | -CertStoreLocation "Cert:\CurrentUser\My" ` | ||
| + | -Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")</code> | ||
| + | [[Category:Platinum Healthcare IT]] | ||
Revision as of 07:42, 12 March 2017
Step-by-set on how to set up VPNs in Azure
Point-to-Site
For roaming and individual users, connect a machine to the Vnet using a certificated VPN Profile.
Create Self-Signed Root Certificate
You need to use PowerShell to create the certificates.
- Run PowerShell as Admin
- Run this command clanging "P25RootCert" to a a static name
$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature ` -Subject "CN=P2SRootCert" -KeyExportPolicy Exportable ` -HashAlgorithm sha256 -KeyLength 2048 ` -CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign
- Export the Key run
certmgr.msc - Navigate to
'Certificates - Current User\Personal\Certificates', and right-click. Click All Tasks, and then click Export. - Export format as
Base-64 encoded X.509 (.CER)
Generate Client Certificate
Get-ChildItem -Path “Cert:\CurrentUser\My”
Find your Root Cert and copy the {Thumbprint}
$cert = Get-ChildItem -Path "Cert:\CurrentUser\My\{THUMBPRINT}"
New-SelfSignedCertificate -Type Custom -KeySpec Signature `
-Subject "CN=P2SChildCert" -KeyExportPolicy Exportable `
-HashAlgorithm sha256 -KeyLength 2048 `
-CertStoreLocation "Cert:\CurrentUser\My" `
-Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")
