Failed to complete TLS handshake with Error: The received certificate has expired.

Question

Failed to complete TLS handshake with Error: The received certificate has expired.

clearadmin 20

Virtual Network Gateway VPN is failing Point-to-Site connections with Azure VPN Client using Microsoft Entra ID authentication.

Ravi Varma Mudduluru 11,955 Reputation points Microsoft External Staff Moderator

2026-04-15T15:48:22.9733333+00:00

Hello @ clearadmin,

Thank you for reaching the Microsoft Q&A.

I noticed that different authentication methods are mentioned in both the question title and the description of the issue. To help us better understand and investigate this further, could you please provide the following details?

1.Could you please confirm which authentication method is currently configured for the VPN gateway — Microsoft Entra ID–based authentication or certificate-based authentication?

2.If Microsoft Entra ID authentication is being used, please note that client certificates are not required for the VPN connection.

3.To help us investigate further, could you kindly share the complete error details (screenshots or logs) via private message?
clearadmin 20 Reputation points

2026-04-15T16:38:31.63+00:00

Microsoft Entra ID–based authentication
clearadmin 20 Reputation points

2026-04-15T16:53:30.56+00:00
Hi,

Thank you for your response.

The VPN gateway is currently configured to use Microsoft Entra ID–based authentication only. Certificate-based authentication is not configured.

Understood, and confirmed — we are not using client certificates for this connection.

The error we are receiving on all client machines is: “Failed to complete TLS handshake. The received certificate has expired.”

This issue started immediately after a planned maintenance/failover event on the VPN gateway. We have already:

Completed migration to Standard IP

Successfully committed the migration

Reset the VPN gateway

Downloaded and re-imported a fresh Azure VPN client profile

Despite these steps, the issue persists for all users.

We will share additional screenshots and logs via private message.

Thank you.Hi,

Thank you for your response.

The VPN gateway is currently configured to use Microsoft Entra ID–based authentication only. Certificate-based authentication is not configured.

Understood, and confirmed — we are not using client certificates for this connection.

The error we are receiving on all client machines is:
“Failed to complete TLS handshake. The received certificate has expired.”

This issue started immediately after a planned maintenance/failover event on the VPN gateway. We have already:

Completed migration to Standard IP

Successfully committed the migration

Reset the VPN gateway

Downloaded and re-imported a fresh Azure VPN client profile

Despite these steps, the issue persists for all users.

We will share additional screenshots and logs via private message.

Thank you.
Ravi Varma Mudduluru 11,955 Reputation points Microsoft External Staff Moderator

2026-04-15T17:27:39.0633333+00:00

Hello @ clearadmin

Could you please share the portal P2S screenshot in the private message and also share us the requested details there?

Answer accepted by question author

0 additional answers

Your answer

Ravi Varma Mudduluru 11,955 Reputation points Microsoft External Staff Moderator

2026-04-15T15:48:22.9733333+00:00

Hello @ clearadmin,

Thank you for reaching the Microsoft Q&A.

I noticed that different authentication methods are mentioned in both the question title and the description of the issue. To help us better understand and investigate this further, could you please provide the following details?

1.Could you please confirm which authentication method is currently configured for the VPN gateway — Microsoft Entra ID–based authentication or certificate-based authentication?

2.If Microsoft Entra ID authentication is being used, please note that client certificates are not required for the VPN connection.

3.To help us investigate further, could you kindly share the complete error details (screenshots or logs) via private message?
clearadmin 20 Reputation points

2026-04-15T16:38:31.63+00:00

Microsoft Entra ID–based authentication
clearadmin 20 Reputation points

2026-04-15T16:53:30.56+00:00

Hi,

Thank you for your response.

The VPN gateway is currently configured to use Microsoft Entra ID–based authentication only. Certificate-based authentication is not configured.

Understood, and confirmed — we are not using client certificates for this connection.

The error we are receiving on all client machines is: “Failed to complete TLS handshake. The received certificate has expired.”

This issue started immediately after a planned maintenance/failover event on the VPN gateway. We have already:

Completed migration to Standard IP

Successfully committed the migration

Reset the VPN gateway

Downloaded and re-imported a fresh Azure VPN client profile

Despite these steps, the issue persists for all users.

We will share additional screenshots and logs via private message.

Thank you.Hi,

Thank you for your response.

The VPN gateway is currently configured to use Microsoft Entra ID–based authentication only. Certificate-based authentication is not configured.

Understood, and confirmed — we are not using client certificates for this connection.

The error we are receiving on all client machines is:
“Failed to complete TLS handshake. The received certificate has expired.”

This issue started immediately after a planned maintenance/failover event on the VPN gateway. We have already:

Completed migration to Standard IP

Successfully committed the migration

Reset the VPN gateway

Downloaded and re-imported a fresh Azure VPN client profile

Despite these steps, the issue persists for all users.

We will share additional screenshots and logs via private message.

Thank you.
Ravi Varma Mudduluru 11,955 Reputation points Microsoft External Staff Moderator

2026-04-15T17:27:39.0633333+00:00

Hello @ clearadmin

Could you please share the portal P2S screenshot in the private message and also share us the requested details there?

Answer 1

Ravi Varma Mudduluru 11,955 Microsoft External Staff Moderator

Hello @ clearadmin,
**
Thank you for reaching out to Microsoft Q&A.

**As discussed, the Point-to-Site configuration was not set up correctly. As shown in the screenshot, the forward slash ( / ) was missing after the Tenant ID. After adding the “/” following the Tenant ID, the issue was resolved, and you were able to successfully connect to the VPN gateway.

Screenshot showing settings for Tunnel type, Authentication type, and Microsoft Entra settings.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

0 comments

Share via

Failed to complete TLS handshake with Error: The received certificate has expired.

0 additional answers

Your answer