Create two certificates, Child and Root, save them into "Cert:\CurrentUser\My", and upload the root cert's public key (.cer) to the Azure VPN gateway configuration. Then save the config, download the VPN client and retry.
Note: The guidance below is for dev/test environments.
A) PowerShell code to create these two certificates (Root and Child)
# Self-signed root certificate; its private key signs the child certificate
$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature -Subject "CN=P2SRootCert" -KeyExportPolicy Exportable `
-HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign

# Child (client) certificate signed by the root; 1.3.6.1.5.5.7.3.2 is the Client Authentication EKU
New-SelfSignedCertificate -Type Custom -DnsName P2SChildCert -KeySpec Signature `
-Subject "CN=P2SChildCertServerADDS" -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 `
-CertStoreLocation "Cert:\CurrentUser\My" `
-Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")
B) Check that the certs (Root and Child) were created under the user's "Certificates\Current User\Personal\Certificates"
PS Code: Get-ChildItem "Cert:\CurrentUser\My"
GUI: Run => MMC => Ctrl+M => Select "Certificates" and "Add" to snap-ins => My User Account => Finish
Explore under Console Root => Certificates - Current User => Personal => Certificates
The Root and Child certs should be available here.
C) Export the Root cert's public key and configure it with Azure VPN
Right-click the Root cert discovered previously => All Tasks => Export => Choose "No, do not export the private key" => Export file format should be "Base-64 encoded X.509 (.CER)" => Save the file to the local machine (ex: C:\RootCertPubkey.cer)
Configure Azure VPN: Go to RootCertPubkey.cer (ex: C:\RootCertPubkey.cer) => Right-click => Open With => Notepad => Copy the certificate block alone (i.e. everything between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----)
To upload the copied key, follow the steps below:
Go to Azure Portal => Virtual network gateway => P2S Configuration; within the Root Certificates section, paste the previously copied root cert's public data from Notepad. Name = CNRootCertPubdata, Public Certificate data = <PASTE here>
Now click Save, download the VPN client, and reconfigure the VPN settings on the VPN client.
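
Steps B and C can also be done from PowerShell. The script below is an added example, not part of the original answer: it checks that the child cert has its private key, carries the Client Authentication EKU and chains to the root, then writes only the root's public data as Base64. The subject names come from step A; the output path $outFile is an assumption.

```powershell
# Added example. Subject names are those used in step A; $outFile is an assumed path.
$rootSubject  = 'CN=P2SRootCert'
$childSubject = 'CN=P2SChildCertServerADDS'
$outFile      = Join-Path $env:TEMP 'RootCertPubdata.txt'
$clientAuth   = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU set in step A

# Pick the newest certificate for each subject in case step A was run more than once
$store = Get-ChildItem 'Cert:\CurrentUser\My'
$root  = $store | Where-Object { $_.Subject -eq $rootSubject } |
         Sort-Object NotBefore -Descending | Select-Object -First 1
$child = $store | Where-Object { $_.Subject -eq $childSubject } |
         Sort-Object NotBefore -Descending | Select-Object -First 1
if (-not $root -or -not $child) {
    throw 'Root or child certificate not found in Cert:\CurrentUser\My'
}

# The VPN client authenticates with the child cert, so its private key must be present
if (-not $child.HasPrivateKey) { throw 'Child certificate has no private key' }

# The child must carry the Client Authentication EKU
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
$ekuExt  = $child.Extensions | Where-Object { $_ -is $ekuType }
$ekus    = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
if ($ekus -notcontains $clientAuth) { throw 'Child certificate lacks Client Authentication EKU' }

# Build the child's chain and confirm it ends at the root we are about to upload.
# The root is self-signed and not in a trusted store, so only the chain's top
# element is checked here, not Windows trust status or revocation.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
[void]$chain.ChainPolicy.ExtraStore.Add($root)
[void]$chain.Build($child)
$top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
if ($top.Thumbprint -ne $root.Thumbprint) {
    throw "Child chains to $($top.Subject), not to $rootSubject"
}

# RawData is the DER-encoded certificate (public part only, never the private key).
# The portal field takes the Base64 text without the BEGIN/END lines.
[Convert]::ToBase64String($root.RawData) | Set-Content -Path $outFile -Encoding ascii
"Root thumbprint $($root.Thumbprint); public data written to $outFile"
```

Paste the contents of the output file into the "Public Certificate data" field described in step C.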