VpnClientRootCertificateDataInvalid : Point-to-site

Question

Hello,

We have a Point-to-site configuration set up in the Azure Virtual network gateway and there are uploaded Root certificates.
Two certificates expired. I would like to remove them from the portal and replace them with new ones. It is not possible. Although I can remove them, the save option isn´t available. Also it isn´t possible to save a new certificate.

I tried to remove expired certificates through a powershell command:

az network vnet-gateway root-cert delete --resource-group MyGroup --name MyCert1 --gateway-
name MyGateway

There was an error message:

(VpnClientRootCertificateDataInvalid) Data for certificate
/subscriptions/XYZ/resourceGroups/MyGroup/providers/Microsoft.Network/virtualNetworkGateway
s/MyGateway/vpnClientRootCertificates/MyCert2 is invalid.

There was another error message that the second expired certificate is wrong.

Could you help me with this problem?
Thanks

Answer 1

@Andrej Struhacka , This looks like an internal product bug. This requires a deeper investigation, so if you have a support plan, I request you file a support ticket, else please do let us know, we will try and help you get a one-time free technical support. In this case, could you send an email to AzCommunity[at]Microsoft[dot]com referencing this thread and your subscription id.

Thank you for your cooperation on this matter and look forward to your reply.

----------

Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.

Answer 2

We are having the exact same problem. It's complaining about a bad existing cert while trying to create one, and we can't delete it (or any of them). The save is gray and when you navigate away it says the changes will be lost, but like I said you can't save. It's been working for years. It worked a month ago.

Answer 3

Thanks for help. I send support ticket.