Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,394 questions
What options are there for managing Azure VPN Client Certificates?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(16, 41%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
Jeremy
136
Reputation points
I am planning to use Azure's Point-to-Site (P2S) solution for remotely connecting users to our Azure network via OpenVPN.
As I have users logging in from both Windows and Linux, it seems that I will need to use Client Credential style authentication.
The documentation shows how to make a client certificate using powershell or linux commands. (I've linked the powershell, as the linux commands didn't work for me)
My question is: What options are out there for managing (creating and storing) the client certificates that I need to generate for all my users?
I thought the Azure Key Vault might be useful but it only really deals with SSL certs. I don't think managing this list in a Spreadsheet is a very secure solution.
Ideally the solution would:
- Be free/open source
- Be part of Azure's tools (or if not, maybe be something lightweight like an ubuntu server app)
- Simplify the generation of the client certs.
- Allow me to name and view all past created certificates under a given root certificate
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 59%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
ChaitanyaNaykodi-MSFT 23,106 Reputation points Microsoft Employee2022-04-13T17:36:23.703+00:00 Hello @Jeremy , apologies for the delayed response here. I have reached out to the team internally regarding this issue and I will make an update here as soon as I get a response. Thank you!
-
Jeremy 136 Reputation points
2022-04-25T14:46:01.347+00:00 Thanks @ChaitanyaNaykodi-MSFT
I guess you haven't heard from the team yet? It's looking like I'm unfortunately going to have to go the old Spreadsheet route.
-
ChaitanyaNaykodi-MSFT 23,106 Reputation points Microsoft Employee
2022-04-25T21:28:12.467+00:00 Hello @Jeremy , apologies for the delayed response here. I am still awaiting a response from the team. I have followed up with them. I will make an update here as soon as I get a response. Thank you for your patience throughout this process.
-
ChaitanyaNaykodi-MSFT 23,106 Reputation points Microsoft Employee
2022-05-02T01:11:54.96+00:00 Hello @Jeremy , Apologies for the delayed response here. I got a response back from the team, unfortunately the team does not have any recommendations for this scenario, however you can use Microsoft Certificate Service if you are using Active Directory.
It will be helpful if you could create a feedback item for this request on our feedback portal. Thank you!
Sign in to comment