makecert.exe has been deprecated.
"C:\Program Files (x86)\Windows Kits\10\bin\10.0.17763.0\x86\makecert.exe" -sky exchange -r -n "CN=PlazRootCert" -pe -a sha1 -len 2048 -ss my "PlazRootCert.cer"
"C:\Program Files (x86)\Windows Kits\10\bin\10.0.17763.0\x86\makecert.exe" -n "CN=PlazVPNClientCert" -pe -sky exchange -m 96 -ss my -in "PlazRootCert" -is my -a sha1
PowerShell for a self-signed certificate (root cert first, then the client cert signed by it):
$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature -Subject "CN=PlazRootCertVM" -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign
New-SelfSignedCertificate -Type Custom -DnsName P2SChildCert -KeySpec Signature -Subject "CN=PlazVPNClientCertVM" -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My" -Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")
Azure VPN Gateway has many SKUs. Basic is not in the list in the Azure portal, but you can create it with a PowerShell script.
$vnet = Get-AzVirtualNetwork -Name VNET1 -ResourceGroupName dcyf
$subnet = Get-AzVirtualNetworkSubnetConfig -name 'GatewaySubnet' -VirtualNetwork $vnet
$ngwpip = @{
    Name = 'PLAZVPN_Gateway_Public_IP'
    ResourceGroupName = 'dcyf'
    Location = 'westus2'
    Sku = 'Basic'
    AllocationMethod = 'Dynamic'
    IpAddressVersion = 'IPv4'
}
New-AzPublicIpAddress @ngwpip
$ngwpip = Get-AzPublicIpAddress -Name PLAZVPN_Gateway_Public_IP -ResourceGroupName dcyf
$gwipconfig = New-AzVirtualNetworkGatewayIpConfig -Name PLAZVPN_Gateway_Public_IP_Config -SubnetId $subnet.Id -PublicIpAddressId $ngwpip.Id
New-AzVirtualNetworkGateway -Name PLAZVPN_Gateway_VNET1 -ResourceGroupName dcyf -Location "westus2" -IpConfigurations $gwipconfig -GatewayType "Vpn" -VpnType "RouteBased" -GatewaySku "Basic"
1. Create the root cert.
2. Create the client cert issued by the root cert.
3. Create the VPN gateway through the portal or by command.
4. Add configuration to the gateway to add the root cert (public key only).
5. Download the VPN client and install it on the local machine.
6. Install the client cert (.pfx) through the certificates MMC.
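For steps 4 and 6, an added example (not from the original post) that checks the two certificates, exports only the public part of the root cert for the gateway, and exports the client cert as a password-protected PFX. The subject, gateway and resource group names are the ones used above; the output paths and the uploaded certificate name are assumptions, and the upload assumes a VPN client address pool is already configured on the gateway.

```powershell
# Added example. Subject, gateway and resource group names come from the commands
# on this page; output paths and the uploaded cert name are assumptions.
$store  = 'Cert:\CurrentUser\My'
$root   = Get-ChildItem $store | Where-Object Subject -eq 'CN=PlazRootCertVM' | Select-Object -First 1
$client = Get-ChildItem $store | Where-Object Subject -eq 'CN=PlazVPNClientCertVM' | Select-Object -First 1
if (-not $root -or -not $client) { throw "Root or client certificate not found in $store" }

# Sanity checks before anything leaves the machine.
if ($client.Issuer -ne $root.Subject) { throw 'Client cert was not issued by the root cert' }
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication, same OID as the -TextExtension above
if ($client.EnhancedKeyUsageList.ObjectId -notcontains $clientAuthOid) {
    throw 'Client cert lacks the Client Authentication EKU'
}
if (-not $client.HasPrivateKey) { throw 'Client cert has no private key to export' }

# Step 4: public key only. RawData is the DER-encoded certificate and never
# contains the private key, so this Base64 string is what goes to the gateway.
$rootPublicB64 = [System.Convert]::ToBase64String($root.RawData)
Set-Content -Path "$env:TEMP\PlazRootCertVM.b64.txt" -Value $rootPublicB64   # assumed path

# Upload with Az.Network (assumes the gateway already has a VPN client address pool).
Add-AzVpnClientRootCertificate -VpnClientRootCertificateName 'PlazRootCertVM' `
    -VirtualNetworkGatewayName 'PLAZVPN_Gateway_VNET1' -ResourceGroupName 'dcyf' `
    -PublicCertData $rootPublicB64

# Step 6: the client cert carries the private key, so protect the PFX with a
# password that is prompted for rather than written into the script.
$pfxPassword = Read-Host -AsSecureString -Prompt 'PFX password'
Export-PfxCertificate -Cert $client -FilePath "$env:TEMP\PlazVPNClientCertVM.pfx" `
    -Password $pfxPassword -ChainOption BuildChain | Out-Null   # assumed path
```

The root cert's private key stays in the store on the signing machine; only the client PFX is copied to machines that connect.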
---------------------------------------------------------------------------------------
https://www.youtube.com/watch?v=Yshpo6V1qUQ
https://www.youtube.com/watch?v=aa5b0t9bZy0
https://learn.microsoft.com/en-us/azure/vpn-gateway/