Forum Discussion

NndnG
Mar 03, 2022

Please clarify for required certificates for P2S connection in Azure

Hi,

For a Point-to-Site connection in Azure, certificates are exported from Windows.

Depending on the Windows system, I have seen different situations in certmgr.msc, as below:

1st Windows system (screenshot of certmgr.msc)

2nd Windows system (screenshot of certmgr.msc)

3rd Windows system (screenshot of certmgr.msc)

Please let me know

  1. Which certificates do we need to export from certmgr.msc?
  2. If we need to export a Personal certificate, what do I need to do if no certificates are showing, or other certificates (like Adobe) are showing, under Personal?

Please clarify with additional required information.

We’ll be thankful for your assistance.


With Regards

NndnG

Take this:


    1. Which certificates do we need to export at certmgr.msc?

    For a Point-to-Site (P2S) VPN connection in Azure using certificate authentication, you need to export:

    Root Certificate (.CER)

    • This is the public certificate used to authenticate client certificates.
    • You upload this to the Azure VPN Gateway.
    • Found in:
      Certificates - Current User > Personal > Certificates
    • Export format:
      Base-64 encoded X.509 (.CER)
      (No private key)

    Client Certificate (.PFX)

    • This is the private certificate installed on each client device.
    • Found in the same location:
      Certificates - Current User > Personal > Certificates
    • Export format:
      Personal Information Exchange (.PFX)
      (Includes private key and password)

    2. If we need to export a Personal certificate, what do I need to do if no certificates are showing, or other certificates (like Adobe) are showing, under Personal?

    If you don’t see the required certificates in certmgr.msc, you’ll need to generate them manually using PowerShell:

    Step A: Create a Root Certificate

    # Self-signed root: the signing key stays on this machine, only its public
    # .cer is uploaded to the gateway. -KeyUsage CertSign lets it sign client certs.
    $rootCert = New-SelfSignedCertificate -Type Custom -Subject "CN=P2SRootCert" `
      -KeySpec Signature -KeyExportPolicy Exportable -KeyUsage CertSign `
      -KeyUsageProperty Sign -KeyLength 2048 -HashAlgorithm sha256 `
      -CertStoreLocation "Cert:\CurrentUser\My"

    Step B: Create a Client Certificate

    # Client certificate signed by the root above (-Signer $rootCert); the
    # exportable key is what goes into the .pfx installed on each client device.
    New-SelfSignedCertificate -Type Custom -Subject "CN=P2SClientCert" `
      -DnsName "P2SClientCert" -KeySpec Signature -KeyExportPolicy Exportable `
      -KeyLength 2048 -HashAlgorithm sha256 -CertStoreLocation "Cert:\CurrentUser\My" `
      -Signer $rootCert

    After running these commands:

    • Open certmgr.msc again.
    • You’ll now see both certificates under Personal > Certificates.
    • You can then export them as described in Step 1.
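As an added example (not from the original post), assuming the subject names "CN=P2SRootCert" and "CN=P2SClientCert" from the commands above and a hypothetical output folder C:\P2S, this PowerShell picks both certificates out of the store, checks that the client certificate really was issued by that root before anything is exported, and then writes the root as a Base-64 X.509 .cer and the client as a password-protected .pfx:

```powershell
# Added example, not part of the original post. Assumes the subjects
# "CN=P2SRootCert" / "CN=P2SClientCert" from Step A/B and a hypothetical
# output folder C:\P2S.
$outDir = "C:\P2S"
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Locate both certificates in Current User > Personal. If Step A/B were run
# more than once there will be duplicates; take the most recently issued one.
function Get-P2SCert([string]$Subject) {
    Get-ChildItem Cert:\CurrentUser\My |
        Where-Object { $_.Subject -eq $Subject } |
        Sort-Object NotBefore -Descending |
        Select-Object -First 1
}
$root   = Get-P2SCert "CN=P2SRootCert"
$client = Get-P2SCert "CN=P2SClientCert"
if (-not $root -or -not $client) {
    throw "Root or client certificate not found in Cert:\CurrentUser\My"
}

# The gateway only accepts client certificates issued by the uploaded root,
# so build the chain and confirm it ends at this exact root (by thumbprint).
# The root is self-signed and not in Trusted Root, hence the verification flag.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
$chain.ChainPolicy.RevocationMode    = 'NoCheck'
$chain.ChainPolicy.ExtraStore.Add($root) | Out-Null
$built = $chain.Build($client)
$top   = @($chain.ChainElements)[-1].Certificate
if (-not $built -or $top.Thumbprint -ne $root.Thumbprint) {
    throw "Client certificate does not chain to P2SRootCert; re-run Step B with -Signer"
}

# Root: public part only, Base-64 encoded X.509 (.cer). The gateway's root
# certificate field takes just the Base-64 body, so write that out too.
# The root's private key is never exported.
$rootBody = [Convert]::ToBase64String($root.RawData, 'InsertLineBreaks')
"-----BEGIN CERTIFICATE-----`n$rootBody`n-----END CERTIFICATE-----" |
    Set-Content (Join-Path $outDir "P2SRootCert.cer") -Encoding Ascii
($rootBody -replace "`r?`n", "") |
    Set-Content (Join-Path $outDir "P2SRootCert-body.txt") -Encoding Ascii

# Client: includes the private key, so it is password-protected and the .pfx
# must be treated as a secret (install on the client device, then delete it).
$pfxPassword = Read-Host "Password for P2SClientCert.pfx" -AsSecureString
Export-PfxCertificate -Cert $client -Password $pfxPassword `
    -FilePath (Join-Path $outDir "P2SClientCert.pfx") | Out-Null
Write-Host "Exported to $outDir: P2SRootCert.cer (upload body to the gateway), P2SClientCert.pfx"
```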
