SOLVED

Azure Point To Site VPN certificate

Contributor

Hello,

 

We currently obtained an SSL certificate from Symantec.


Can I use the certificate for authentication in my VPN? (Can I upload the .cer file to Azure, export the certificate as .pfx and distribute it to authorized clients?)

4 Replies

You need to create new certificates for each client based off the root certificate.

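Look here: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal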

 

If you purchased a Root certificate for your own PKI infrastructure, then yes you can use it.

As it is just an SSL certificate then no, but you can create your own, look here: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site
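The approach this reply describes (your own root, plus a separate certificate for each client signed by it) can be sketched in PowerShell as follows. This is an added example, not part of the original post; the subject names, device names and file paths are placeholders.

```powershell
# Added example. Subject names, device list and file paths are placeholders.
$store = 'Cert:\CurrentUser\My'

# Root: a self-signed certificate allowed to sign other certificates.
# Its private key stays on the issuing machine and is never handed to clients.
$root = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject 'CN=ExampleP2SRoot' -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation $store `
    -KeyUsageProperty Sign -KeyUsage CertSign

# Only the public certificate data, Base64-encoded, is uploaded to the gateway.
$rootB64 = [Convert]::ToBase64String($root.RawData)
Set-Content -Path '.\ExampleP2SRoot.b64.txt' -Value $rootB64

# One certificate per client, signed by the root, carrying the
# Client Authentication EKU (1.3.6.1.5.5.7.3.2).
$pfxPassword = Read-Host -AsSecureString -Prompt 'Password for exported PFX files'
$issued = foreach ($device in 'laptop-01', 'laptop-02') {
    $client = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
        -Subject "CN=$device" -DnsName $device -KeyExportPolicy Exportable `
        -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation $store `
        -Signer $root -TextExtension @('2.5.29.37={text}1.3.6.1.5.5.7.3.2')

    # Each client receives only its own key pair.
    Export-PfxCertificate -Cert $client -FilePath ".\$device.pfx" `
        -Password $pfxPassword | Out-Null

    # Record the thumbprint: the gateway revokes individual client
    # certificates by thumbprint, which a single shared PFX cannot support.
    [pscustomobject]@{ Device = $device; Thumbprint = $client.Thumbprint }
}
$issued | Format-Table -AutoSize
```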

 

 

Hello Kent,

 

Thanks for your reply.

 

When we ordered the certificate from Symantec, we got a .p7b file.  When we installed the file, 2 certificates appeared in the personal certificate store (one issued to our domain and one issued to Symantec by Verisign).

 

Which one is my Root Certificate?

Best Response confirmed by N V (Contributor)
Solution

You received your public and private separately; none of them are the root certificate.

The root would be the top level certificate. You can open it, export and then upload.


But you cannot use the exported file to create new certificates, so all your clients would need to use the same PFX from your SSL. I would STRONGLY suggest you consider using another certificate for client access. Also, I am unaware if all the clients can use the same PFX to identify themselves with.
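To see which certificate in a .p7b bundle is a root, an intermediate or an end-entity certificate, the check below reads each certificate's Basic Constraints and Enhanced Key Usage extensions. It is an added example, not part of the original thread; the file name is a placeholder.

```powershell
# Added example: report the role of every certificate in a PKCS#7 bundle.
$path = (Resolve-Path '.\example-chain.p7b').Path   # placeholder file name

$bundle = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$bundle.Import($path)   # a .p7b carries certificates only, never private keys

$report = foreach ($cert in $bundle) {
    $basic = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.19' }  # Basic Constraints
    $eku   = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }  # Enhanced Key Usage

    $isCa       = [bool]($basic -and $basic.CertificateAuthority)
    $selfIssued = $cert.Subject -eq $cert.Issuer

    if ($isCa -and $selfIssued) {
        $role = 'root CA'
    } elseif ($isCa) {
        $role = 'intermediate CA'
    } else {
        # CA flag not set: this certificate cannot sign client certificates
        $role = 'end entity'
    }

    if ($eku) {
        $usages = ($eku.EnhancedKeyUsages | ForEach-Object { $_.FriendlyName }) -join ', '
    } else {
        $usages = '(none listed)'
    }

    [pscustomobject]@{
        Subject    = $cert.Subject
        Issuer     = $cert.Issuer
        Role       = $role
        EKU        = $usages
        Thumbprint = $cert.Thumbprint
    }
}
$report | Format-List
```

A purchased SSL certificate shows up as `end entity`, and the public CA's private key is never included, so neither certificate in such a bundle can issue per-client VPN certificates.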

Thanks for the clarification :)