Azure VPN 憑證過期處理筆記
徵狀
問題
處置
其實就是要重新跑一次產憑證的流程
參照
產生及匯出 P2S 的憑證:PowerShell - Azure VPN Gateway | Microsoft Docs
$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
-Subject "CN=P2SRootCert" -KeyExportPolicy Exportable `
-HashAlgorithm sha256 -KeyLength 2048 `
-CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign
New-SelfSignedCertificate -Type Custom -DnsName P2SChildCert -KeySpec Signature `
-Subject "CN=P2SChildCert" -KeyExportPolicy Exportable `
-HashAlgorithm sha256 -KeyLength 2048 `
-CertStoreLocation "Cert:\CurrentUser\My" `
-Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")
匯出根憑證 (之後到 Azure VPN 上新增)
![螢幕擷取畫面顯示 [憑證] 視窗,已依序選取 [所有工作] 及 [匯出]。](https://docs.microsoft.com/zh-tw/azure/includes/media/vpn-gateway-certificates-export-public-key-include/export.png)
匯出用戶端憑證 (給其他要用 VPN 的人安裝到他們電腦上用)
![螢幕擷取畫面顯示 [憑證] 視窗,已選取 [所有工作] 和 [匯出]。](https://docs.microsoft.com/zh-tw/azure/includes/media/vpn-gateway-certificates-export-client-cert-include/export-certificate.png)
![螢幕擷取畫面顯示已選取 [是,匯出私密金鑰]。](https://docs.microsoft.com/zh-tw/azure/includes/media/vpn-gateway-certificates-export-client-cert-include/yes-export.png)
TODO: 後面這幾步如果可以用 PowerShell 指定操作,日後可能比較方便
