This document outlines how to configure a point-to-site connection from a client computer that needs to interact with Prinergy running in an Azure VM.
Instructions are provided for both Windows and Mac clients.
Point-to-site gateway configured with:
Run the following commands to create the root certificate:

    # Generate root private key
    openssl genrsa -aes256 -out RootAzureVPN.key 2048
    # Generate a root certificate valid for 5 years (1825 days)
    openssl req -x509 -sha256 -new -key RootAzureVPN.key -out RootAzureVPN.cer -days 1825 -subj /CN=RootAzureVPN
Run the following commands to create the client certificate:

    # Generate a client private key and a certificate request
    openssl genrsa -out clientCert.key 2048
    openssl req -new -out clientCert.req -key clientCert.key -subj /CN=ClientAzureVPN
    # Generate a certificate from the certificate request and sign it with the root CA created above
    openssl x509 -req -sha256 -in clientCert.req -out clientCert.cer -CAkey RootAzureVPN.key -CA RootAzureVPN.cer -days 1825 -CAcreateserial -CAserial serial
    # Pack key and certificate in a .pfx (PKCS#12 format)
    openssl pkcs12 -export -out clientCert.pfx -inkey clientCert.key -in clientCert.cer -certfile RootAzureVPN.cer
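The OpenSSL steps above have no verification step like the certificate-store listing used on Windows. The following script is an added example, not part of the original instructions: it confirms that a client certificate chains to the root and reports its expiry. The function names and the throwaway demo pair (generated without `-aes256` so no passphrase prompt appears) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: sanity checks for the OpenSSL-generated root/client pair.

# chains_to ROOT_CERT CLIENT_CERT: succeeds only if CLIENT_CERT was signed by ROOT_CERT.
chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# valid_in_days CERT DAYS: succeeds if CERT will still be valid DAYS days from now.
valid_in_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# make_demo_pair DIR CA_NAME: constructed throwaway root + client pair built with
# the page's commands, minus -aes256 so a script is not blocked by a prompt.
make_demo_pair() {
    openssl genrsa -out "$1/root.key" 2048 2>/dev/null
    openssl req -x509 -sha256 -new -key "$1/root.key" -out "$1/root.cer" \
        -days 1825 -subj "/CN=$2" 2>/dev/null
    openssl genrsa -out "$1/client.key" 2048 2>/dev/null
    openssl req -new -key "$1/client.key" -out "$1/client.req" \
        -subj /CN=ClientAzureVPN 2>/dev/null
    openssl x509 -req -sha256 -in "$1/client.req" -out "$1/client.cer" \
        -CAkey "$1/root.key" -CA "$1/root.cer" -days 1825 \
        -CAcreateserial -CAserial "$1/serial" 2>/dev/null
}

# report ROOT_CERT CLIENT_CERT: print subject, issuer, expiry and chain status.
report() {
    openssl x509 -in "$2" -noout -subject -issuer -enddate
    if chains_to "$1" "$2"; then
        echo "chain: OK"
    else
        echo "chain: FAILED"
        return 1
    fi
}

# Check the page's files when present, otherwise a constructed demo pair.
if [ -f RootAzureVPN.cer ] && [ -f clientCert.cer ]; then
    report RootAzureVPN.cer clientCert.cer
else
    DEMO_DIR=$(mktemp -d)
    make_demo_pair "$DEMO_DIR" DemoRootVPN
    report "$DEMO_DIR/root.cer" "$DEMO_DIR/client.cer"
    rm -rf "$DEMO_DIR"
fi
```

Run it in the directory that holds `RootAzureVPN.cer` and `clientCert.cer`; the `notAfter` line shows the actual expiry produced by `-days 1825`.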
Create a self-signed root certificate:

    $cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
        -Subject "CN=P2SRootCert" -KeyExportPolicy Exportable `
        -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My" `
        -KeyUsageProperty Sign -KeyUsage CertSign

IMPORTANT: The backtick (`) at the end of each line tells PowerShell that the command continues on the next line.
Create a client certificate:

    New-SelfSignedCertificate -Type Custom -DnsName P2SChildCert -KeySpec Signature `
        -Subject "CN=P2SChildCert" -KeyExportPolicy Exportable `
        -HashAlgorithm sha256 -KeyLength 2048 `
        -CertStoreLocation "Cert:\CurrentUser\My" `
        -Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")

Check that at least the two generated/registered certificates are listed:

    PS C:\> Get-ChildItem -Path "Cert:\CurrentUser\My"

    Thumbprint                                Subject
    ----------                                -------
    F3C3B23CDCBFC90AA606446966E2FAAD49B70AC5  CN=P2SRootCert
    44E1451EE36DBCD82A1B752ECC854CBE0271C520  CN=P2SChildCert