I developed an automation script based on the Microsoft documentation and on this article. The script was written in PowerShell and made my work life easier when it comes to making VPN child certificates for users.
The script creates multiple temporary directories. In each directory a child certificate is created and exported in PFX format, protected by an auto-generated password that is saved in a txt file.
The child certificates are valid for 3 years, but you can modify the script to make them last longer.
In addition, the script copies into each directory the Instructions.docx that you may want to provide to the user and the Azure VPN client (which you need to download from your Azure portal).
Finally, it archives each directory individually and cleans up the temporary directories.
- First, create a root certificate on your computer that expires in 3 years, using the PowerShell commands shown after this list.
- Note the thumbprint of the root certificate, then use the Microsoft documentation to export the certificate and import it into the Azure Portal.
- Download the Azure VPN Client from the Azure Portal.
- Modify the script to your needs and execute it to generate multiple child certificates.
```powershell
# Root certificate valid for 3 years from now
$date_now = Get-Date
$extended_date = $date_now.AddYears(3)
# Self-signed, signing-only root stored in the current user's personal store
$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
-Subject "CN=P2SRootCert" -KeyExportPolicy Exportable `
-HashAlgorithm sha256 -KeyLength 2048 `
-CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign -NotAfter $extended_date
```
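
The per-user loop described above, written out as an added example (it is not the author's script). It assumes the root certificate is still in `Cert:\CurrentUser\My`; the thumbprint placeholder, user names and all paths are hypothetical. It differs from the description in one labelled way: the password file is written next to the archive rather than inside it, so the two can be delivered separately.

```powershell
# Added example: every name, path and the thumbprint below is a placeholder.
$RootThumbprint = '<ROOT-CERT-THUMBPRINT>'          # noted after creating the root
$Users  = 'alice', 'bob'                            # constructed sample users
$OutDir = 'C:\VpnCerts'                             # hypothetical output folder
$Extras = 'C:\VpnKit\Instructions.docx', 'C:\VpnKit\AzureVpnClient.zip'  # hypothetical

$root = Get-Item "Cert:\CurrentUser\My\$RootThumbprint" -ErrorAction Stop
if (-not $root.HasPrivateKey) { throw 'Root certificate has no private key; cannot sign.' }
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# A child that outlives its root is useless, so cap validity at the root's expiry.
$notAfter = (Get-Date).AddYears(3)
if ($notAfter -gt $root.NotAfter) { $notAfter = $root.NotAfter }
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()

foreach ($user in $Users) {
    $tmp = (New-Item -ItemType Directory `
        -Path (Join-Path $env:TEMP "p2s-$user-$([guid]::NewGuid())")).FullName

    # Child certificate signed by the root, restricted to client authentication.
    $child = New-SelfSignedCertificate -Type Custom -DnsName $user -KeySpec Signature `
        -Subject "CN=$user" -KeyExportPolicy Exportable `
        -HashAlgorithm sha256 -KeyLength 2048 `
        -CertStoreLocation 'Cert:\CurrentUser\My' -Signer $root -NotAfter $notAfter `
        -TextExtension @('2.5.29.37={text}1.3.6.1.5.5.7.3.2')

    # PFX password: 24 bytes from the OS CSPRNG, Base64-encoded.
    $bytes = New-Object byte[] 24
    $rng.GetBytes($bytes)
    $plain  = [Convert]::ToBase64String($bytes)
    $secure = ConvertTo-SecureString $plain -AsPlainText -Force

    Export-PfxCertificate -Cert $child -FilePath (Join-Path $tmp "$user.pfx") `
        -Password $secure | Out-Null
    Copy-Item -Path $Extras -Destination $tmp

    Compress-Archive -Path (Join-Path $tmp '*') `
        -DestinationPath (Join-Path $OutDir "$user.zip") -Force
    # Password stays outside the archive so it can go through a separate channel.
    Set-Content -Path (Join-Path $OutDir "$user-password.txt") -Value $plain

    # Clean up the temp directory and the child's private key on this machine.
    Remove-Item $tmp -Recurse -Force
    Remove-Item "Cert:\CurrentUser\My\$($child.Thumbprint)" -DeleteKey
}
$rng.Dispose()
```

Removing each child certificate with `-DeleteKey` after export keeps user private keys from accumulating in the administrator's certificate store.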