VpnClientRootCertificateDataInvalid : Point-to-site

Andrej Struhacka 21 Reputation points
2021-03-17T10:55:23.847+00:00

Hello,

We have a Point-to-site configuration set up in the Azure Virtual network gateway and there are uploaded Root certificates.
Two certificates expired. I would like to remove them from the portal and replace them with new ones. It is not possible. Although I can remove them, the save option isn't available. Also it isn't possible to save a new certificate.

I tried to remove expired certificates through a powershell command:

az network vnet-gateway root-cert delete --resource-group MyGroup --name MyCert1 --gateway-name MyGateway

There was an error message:

(VpnClientRootCertificateDataInvalid) Data for certificate /subscriptions/XYZ/resourceGroups/MyGroup/providers/Microsoft.Network/virtualNetworkGateways/MyGateway/vpnClientRootCertificates/MyCert2 is invalid.

There was another error message that the second expired certificate is wrong.

Could you help me with this problem?
Thanks

Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.

Accepted answer
  1. suvasara-MSFT 10,026 Reputation points
    2021-03-18T10:37:13.053+00:00

    @Andrej Struhacka, this looks like an internal product bug. This requires a deeper investigation, so if you have a support plan, I request that you file a support ticket; otherwise, please let us know and we will try to help you get one-time free technical support. In this case, could you send an email to AzCommunity[at]Microsoft[dot]com referencing this thread and your subscription ID?

    Thank you for your cooperation on this matter and look forward to your reply.

    ----------

    Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.


2 additional answers

  1. Ike Murphy 1 Reputation point
    2021-03-18T15:30:55.867+00:00

    We are having the exact same problem. It's complaining about a bad existing cert while trying to create one, and we can't delete it (or any of them). The save is gray and when you navigate away it says the changes will be lost, but like I said you can't save. It's been working for years. It worked a month ago.


  2. Andrej Struhacka 21 Reputation points
    2021-03-18T21:09:57.593+00:00

    Thanks for the help. I sent a support ticket.
