Install client certificates for P2S certificate authentication connections
When a P2S VPN gateway is configured to require certificate authentication, each client computer must have a client certificate installed locally. This article helps you install a client certificate locally on a client computer. You can also use Intune to install certain VPN client profiles and certificates.
For information about generating certificates, see the Generate certificates section of the Point-to-site configuration article.
Windows
- Once the client certificate is exported, locate and copy the .pfx file to the client computer.
- On the client computer, double-click the .pfx file to install. Leave the Store Location as Current User, and then select Next.
- On the File to import page, don't make any changes. Select Next.
- On the Private key protection page, input the password for the certificate, or verify that the security principal is correct, then select Next.
- On the Certificate Store page, leave the default location, and then select Next.
- Select Finish. On the Security Warning for the certificate installation, select Yes. You can comfortably select 'Yes' for this security warning because you generated the certificate.
- The certificate is now successfully imported.
macOS
- Locate the .pfx certificate file and copy it to your Mac. You can get the certificate to the Mac in several ways. For example, you can email the certificate file.
- Double-click the certificate. You'll either be asked to input the password and the certificate will automatically install, or the Add Certificates box will appear. On the Add Certificates box, click Add to begin the install.
- Select login from the dropdown.
- Enter the password that you created when the client certificate was exported. The password protects the private key of the certificate. Click OK.
- Click Add to add the certificate.
- To view the added certificate, open the Keychain Access application and navigate to the Certificates tab.
Linux
The Linux client certificate is installed on the client as part of the client configuration. There are a few different methods to install certificates. You can use strongSwan steps, or OpenVPN client.
Configure VPN clients
To continue configuration, go back to the client that you were working on. You can use this table to easily locate the link:
Authentication | Tunnel type | Client OS | VPN client |
---|---|---|---|
Certificate | |||
IKEv2, SSTP | Windows | Native VPN client | |
IKEv2 | macOS | Native VPN client | |
IKEv2 | Linux | strongSwan | |
OpenVPN | Windows | Azure VPN client OpenVPN client version 2.x OpenVPN client version 3.x |
|
OpenVPN | macOS | OpenVPN client | |
OpenVPN | iOS | OpenVPN client | |
OpenVPN | Linux | Azure VPN Client OpenVPN client |
|
Microsoft Entra ID | |||
OpenVPN | Windows | Azure VPN client | |
OpenVPN | macOS | Azure VPN Client | |
OpenVPN | Linux | Azure VPN Client |
Next steps
Continue with the Point-to-Site configuration steps to Create and install VPN client configuration files. Use the links in the VPN client table.