Friday, November 4, 2022

create cert for azure VPN

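makecert.exe has been deprecated. The makecert commands below also sign with SHA-1 (-a sha1); the PowerShell commands further down use SHA-256.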

"C:\Program Files (x86)\Windows Kits\10\bin\10.0.17763.0\x86\makecert.exe" -sky exchange -r -n "CN=PlazRootCert" -pe -a sha1 -len 2048 -ss my "PlazRootCert.cer"

"C:\Program Files (x86)\Windows Kits\10\bin\10.0.17763.0\x86\makecert.exe" -n "CN=PlazVPNClientCert" -pe -sky exchange -m 96 -ss my -in "PlazRootCert" -is my -a sha1

PowerShell for self-signed certificate

$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature -Subject "CN=PlazRootCertVM" -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign

New-SelfSignedCertificate -Type Custom -DnsName P2SChildCert -KeySpec Signature -Subject "CN=PlazVPNClientCertVM" -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My" -Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")

Azure VPN Gateway has many SKUs. Basic is not in the list in the Azure portal, but you can create it with a PowerShell script.

$vnet = Get-AzVirtualNetwork -Name VNET1 -ResourceGroupName dcyf

$subnet = Get-AzVirtualNetworkSubnetConfig -name 'GatewaySubnet' -VirtualNetwork $vnet

$ngwpip = @{
    Name = 'PLAZVPN_Gateway_Public_IP'
    ResourceGroupName = 'dcyf'
    Location = 'westus2'
    Sku = 'Basic'
    AllocationMethod = 'Dynamic'
    IpAddressVersion = 'IPv4'
}

New-AzPublicIpAddress @ngwpip

$ngwpip = Get-AzPublicIpAddress -Name PLAZVPN_Gateway_Public_IP -ResourceGroupName dcyf

$gwipconfig = New-AzVirtualNetworkGatewayIpConfig -Name PLAZVPN_Gateway_Public_IP_Config -SubnetId $subnet.Id -PublicIpAddressId $ngwpip.Id

New-AzVirtualNetworkGateway -Name PLAZVPN_Gateway_VNET1 -ResourceGroupName dcyf -Location "westus2" -IpConfigurations $gwipconfig -GatewayType "Vpn" -VpnType "RouteBased" -GatewaySku "Basic"

1. create root cert

2. create client cert issued by root cert.

3. create vpn gateway through portal or command

4. add configuration to add root cert (public key only) 

5. download vpn client and install on local machine

6. install client cert (pfx) to the cert mmc.
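
Added example (not part of the original notes) for steps 4 and 6: export the root cert's public part as Base64 for the gateway configuration, and export the client cert as a password-protected pfx. It assumes the two New-SelfSignedCertificate commands above were already run; the output folder and file names are hypothetical.

```powershell
# Added example; subjects and store path come from the commands on this page.
$store  = 'Cert:\CurrentUser\My'
$root   = Get-ChildItem $store | Where-Object Subject -eq 'CN=PlazRootCertVM' | Select-Object -First 1
$client = Get-ChildItem $store | Where-Object Subject -eq 'CN=PlazVPNClientCertVM' | Select-Object -First 1
if (-not $root -or -not $client) { throw "Root or client certificate not found in $store" }

# Sanity checks before anything leaves this machine.
if ($client.Issuer -ne $root.Subject) { throw 'Client cert was not issued by the root cert' }
if (-not $client.HasPrivateKey)       { throw 'Client cert has no private key' }
$eku = $client.EnhancedKeyUsageList | ForEach-Object ObjectId
if ($eku -notcontains '1.3.6.1.5.5.7.3.2') { throw 'Client cert lacks the Client Authentication EKU' }

# Step 4: root cert, public key only. Export-Certificate writes the DER certificate, never the key.
$outDir  = Join-Path $env:TEMP 'p2s-export'          # hypothetical output folder
New-Item -ItemType Directory -Path $outDir -Force | Out-Null
$cerPath = Join-Path $outDir 'PlazRootCertVM.cer'
Export-Certificate -Cert $root -FilePath $cerPath -Type CERT | Out-Null

# Confirm the exported file really carries no private key before uploading it.
$exported = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($cerPath)
if ($exported.HasPrivateKey) { throw 'Exported root file unexpectedly contains a private key' }

# The gateway's root certificate field takes the Base64 body without BEGIN/END lines.
$rootB64 = [Convert]::ToBase64String([IO.File]::ReadAllBytes($cerPath))
$rootB64 | Set-Content (Join-Path $outDir 'PlazRootCertVM.b64.txt')

# Step 6: the client pfx contains a private key, so it is exported with a password.
$pfxPassword = Read-Host 'PFX password' -AsSecureString
$pfxPath     = Join-Path $outDir 'PlazVPNClientCertVM.pfx'
Export-PfxCertificate -Cert $client -FilePath $pfxPath -Password $pfxPassword -ChainOption BuildChain | Out-Null
```

Only the .cer / Base64 text goes to Azure; the pfx goes only to the machine that will connect.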

---------------------------------------------------------------------------------------

https://www.youtube.com/watch?v=Yshpo6V1qUQ

https://www.youtube.com/watch?v=aa5b0t9bZy0

https://learn.microsoft.com/en-us/azure/vpn-gateway/




download cert with openssl and IEChooser.exe

openssl.exe s_client -connect <domain.company.com>:<port>

C:\Windows\System32\F12\IEChooser.exe

Tuesday, November 1, 2022

check .net framework and .net core version




Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP' -Recurse | Get-ItemProperty -Name version -EA 0 | Where { $_.PSChildName -Match '^(?!S)\p{L}'} | Select PSChildName, version


dotnet --list-runtimes