How to Create Root Certificate for Azure VPN using MakeCert command specific to Azure VPN Requirements

Question

How to Create Root Certificate for Azure VPN using MakeCert command specific to Azure VPN Requirements

1) Please mention specific command which could generate the certificate according to Azure VPN requirements and 2) How to get the string value of the certificate to put it on Azure?

Answer 1

Question have two parts, first command and second how to get the string value.

1) You can use below command and you can also change the CN= parameters to your naming if required.

Server:

makecert -sky exchange -r -n “CN=AzureVPNRootCert” -pe -a sha1 -len 2048 -ss My “AzureVPNRootCert.cer”

You need to install the certificate locally and then export it in base 64 encoded format to see the signature string of the certificate to put it on Azure.

2) Use certlm.msc -> Certificate Local computer -> trusted Root Certificate -> certificates -> choose your certificate -> right click export -> choose base 64 encoded format -> save Open the saved certificate in notepad and copy only the Certificate string to Azure.

Bonus: if you need to create client certificate to connect to Azure VPN, from more than one point.

Client:

makecert.exe -n “CN=AzureVpnClientCert” -pe -sky exchange -m 96 -ss My -in “AzureVPNRootCert” -is my -a sha1

For official Docs Original Post