New-AzVpnClientRootCertificate
Creates a new VPN client root certificate.
Syntax
New-AzVpnClientRootCertificate
-Name <String>
-PublicCertData <String>
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>] Description
The New-AzVpnClientRootCertificate cmdlet creates a new VPN root certificate for use on a virtual network gateway.
Root certificates are X.509 certificates that identify your Root Certification Authority: all other certificates used on the gateway trust the root certificate.
This cmdlet creates a stand-alone certificate that is not assigned to a virtual gateway.
Instead, the certificate created by New-AzVpnClientRootCertificate is used in conjunction with the New-AzVirtualNetworkGateway cmdlet when creating a new gateway.
For example, suppose you create a new certificate and store it in a variable named $Certificate.
You can then use that certificate object when creating a new virtual gateway.
For instance,
New-AzVirtualNetworkGateway -Name "ContosoVirtualGateway" -ResourceGroupName "ContosoResourceGroup" -Location "West US" -GatewayType "VPN" -IpConfigurations $Ipconfig -VPNType "RouteBased" -VpnClientRootCertificates $Certificate
For more information, see the documentation for the New-AzVirtualNetworkGateway cmdlet.
Examples
Example 1: Create a client root certificate
$Text = Get-Content -Path "C:\Azure\Certificates\ExportedCertificate.cer"
$CertificateText = for ($i=1; $i -lt $Text.Length -1 ; $i++){$Text[$i]}
$Certificate = New-AzVpnClientRootCertificate -PublicCertData $CertificateText -Name "ContosoClientRootCertificate"This example creates a client root certificate and store the certificate object in a variable named $Certificate. This variable can then be used by the New-AzVirtualNetworkGateway cmdlet to add a root certificate to a new virtual network gateway. The first command uses the Get-Content cmdlet to get a previously exported text representation of the root certificate; that text data is stored in a variable named $Text. The second command then uses a for loop to extract all the text except for the first line and the last line, storing the extracted text in a variable named $CertificateText. The third command uses the New-AzVpnClientRootCertificate cmdlet to create the certificate, storing the created object in a variable named $Certificate.
Parameters
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with azure.
| Type: | IAzureContextContainer |
| Aliases: | AzContext, AzureRmContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Name
Specifies a name for the new client root certificate.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PublicCertData
Specifies a text representation of the root certificate to be added. To obtain the text representation, export your certificate in .cer format (using Base64 encoding), then open the resulting file in a text editor. You should see output similar to this (note that the actual output will contain many more lines of text than the abbreviated sample shown here): ----- BEGIN CERTIFICATE ----- MIIC13FAAXC3671Auij9HHgUNEW8343NMJklo09982CVVFAw8w ----- END CERTIFICATE ----- The PublicCertData is made up of all the lines between the first line (----- BEGIN CERTIFICATE -----) and the last line (----- END CERTIFICATE -----) in the file. You can retrieve the PublicCertData by using Windows PowerShell commands similar to this: $Text = Get-Content -Path "C:\Azure\Certificates\ExportedCertificate.cer" $CertificateText = for ($i=1; $i -lt $Text.Length -1 ; $i++){$Text[$i]}
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Inputs
Outputs
Related Links
Azure PowerShell