VPN Certificates
If a user needs a new certificate for their VPN because the old one has expired, do the following.
If your account has never created a certificate in the THD environment, you first need to complete the steps below. This only needs to be done once.
- Log into THD-FS2 (10.16.84.16)
- Open MMC

- File > Add/Remove snap-in
- Certificate > Add
- My User Account > Finish

- Right click on Personal > All Tasks > Import

- Make sure your user is selected
- Browse to C:\support\justin
- Choose to view ALL FILES and import azure-p2s.pfx

- Select next and enter the password, Denver15
- Make sure to include all extended properties.
- Make sure to place all certs in Personal, then finish.

Once that is done, you will be able to generate certificates for the THD VPN. Please do the following to make one.
- Log into THD-FS2 (10.13.84.16)
- Open PowerShell ISE
- Copy and paste the following script into the PowerShell window:

# The signing certificate (the azure-p2s root imported above), selected by thumbprint
$cert = Get-ChildItem -Path "Cert:\CurrentUser\My\702ED22C2F80831344C4D34269EBF120938DEBA9"
# Issue a client certificate signed by it: Client Authentication EKU (1.3.6.1.5.5.7.3.2),
# RSA 2048 / SHA-256, exportable private key, valid for 36 months
New-SelfSignedCertificate -Type Custom -DnsName P2SChildCert -KeySpec Signature `
    -Subject "CN=UserName" -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 -NotAfter (Get-Date).AddMonths(36) `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")

- Replace UserName with the name of the user.
- Click the play button to run the script.
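Before exporting the new certificate, it is worth confirming that the script actually produced what the VPN expects. The following is an added check script, not part of the original runbook: it looks up the newest certificate for the user in CurrentUser\My, verifies it was issued by the signer thumbprint used above, carries the Client Authentication EKU, has a 2048-bit RSA key with a private key present and is not expired, and then exports it as a PFX to C:\Support\AzureVPN with a prompted password. The $UserName default and the output file name are assumptions; adjust them to match the CN you used.

```powershell
# Added example, not from the original runbook.
# Assumes the signer thumbprint from the runbook's script and a user CN passed as $UserName.
param(
    [string]$UserName = "UserName",
    [string]$SignerThumbprint = "702ED22C2F80831344C4D34269EBF120938DEBA9",
    [string]$ExportDir = "C:\Support\AzureVPN"
)

$signer = Get-Item -Path "Cert:\CurrentUser\My\$SignerThumbprint"

# Newest cert with the requested subject, in case an older one for the same user still exists
$client = Get-ChildItem -Path Cert:\CurrentUser\My |
    Where-Object { $_.Subject -eq "CN=$UserName" } |
    Sort-Object NotBefore -Descending |
    Select-Object -First 1
if (-not $client) { throw "No certificate with subject CN=$UserName in CurrentUser\My" }

# The EKU extension the script requested (2.5.29.37 with Client Authentication)
$clientAuthOid = "1.3.6.1.5.5.7.3.2"
$eku = $client.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
$hasClientAuth = $eku -and ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $clientAuthOid })

$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($client)

$checks = [ordered]@{
    "Issued by the P2S signer"   = ($client.Issuer -eq $signer.Subject)
    "Client Authentication EKU"  = [bool]$hasClientAuth
    "Private key present"        = $client.HasPrivateKey
    "RSA 2048-bit key"           = ($rsa -and $rsa.KeySize -eq 2048)
    "Not expired"                = ($client.NotAfter -gt (Get-Date))
}

foreach ($entry in $checks.GetEnumerator()) {
    "{0,-28} {1}" -f $entry.Key, $(if ($entry.Value) { "OK" } else { "FAIL" })
}
$failed = $checks.GetEnumerator() | Where-Object { -not $_.Value }
if ($failed) { throw "Certificate failed validation; do not export it." }

# Export with the private key; the PFX password is prompted rather than stored in the script.
# Export-PfxCertificate includes extended properties unless -NoProperties is given.
New-Item -ItemType Directory -Path $ExportDir -Force | Out-Null
$pfxPassword = Read-Host -Prompt "PFX password for $UserName" -AsSecureString
$pfxPath = Join-Path $ExportDir "$UserName-vpn.pfx"   # assumed naming convention
Export-PfxCertificate -Cert $client -FilePath $pfxPath -Password $pfxPassword | Out-Null
"Exported $pfxPath (thumbprint $($client.Thumbprint))"
```

Run it in the same PowerShell ISE session as the issuing script, with the same user account, since both the signer and the new certificate live in that user's Personal store. If any line reports FAIL, the MMC export steps below will produce a certificate the VPN cannot use, so fix the issuing step first.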
- Open MMC
- File > Add/Remove Snap-Ins > Certificates > Add > My user account > OK > Finish
- Navigate to Certificates - Current User > Personal > Certificates
- Select the certificate you created
- Right click > All Tasks > Export
- Click Next
- Choose to export the private key, then Next
- Choose to export all extended properties, then Next
- Check the Password box and set a password, then Next
- Click Browse, navigate to C:\Support\AzureVPN, enter the file name and click Save
- Finish exporting the file
- Navigate to C:\Support\AzureVPN in File Explorer
- Move the certificate from the remote server to your desktop
Now that we have the certificate, use the steps below to install it. If it is a new VPN install, not one that is pre-existing, you will also need the files attached.
- Transfer all files to the user's computer, somewhere you can easily access. I recommend creating a folder on the C drive; we usually make one titled support
- Open the certificate you created
- It should look like this

- Next, then next again
- Enter the password you created, then next

- Select Place all certificates in the following store, choose browse, then choose personal.

- Click next, then click finish. If you are replacing an expired VPN certificate you are done here. If you are setting up the VPN on the computer for the first time please continue onto the next step.
- Open the certificate starting with 74c9baa0
- Click Install Certificate

- Click on Local Machine
- Click Next; this will require admin elevation.

- Click on Place all Certificates in the following Store > Browse > Trusted Root Certification Authorities

- Next > Finish
- Now that both certificates are imported, we need to run a PowerShell script to install the actual VPN tunnel.
- Open a PowerShell window as an administrator.
- Run the command Set-ExecutionPolicy bypass
- Run the THD-AzureVPN.ps1 script
- Close the PowerShell window.
After that the VPN will be installed and accessible to the user.
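The most common reason the VPN script installs a tunnel that then fails to connect is that one of the two certificates landed in the wrong store (the root in the user store instead of Local Machine, or the client certificate without its private key). The following is an added pre-flight check, not part of the original runbook or the THD-AzureVPN.ps1 script: run it in the elevated PowerShell window before the VPN script. It confirms the root certificate (the one "starting with 74c9baa0") is in LocalMachine\Root, that a matching unexpired client certificate with a private key is in CurrentUser\My, warns if that certificate is close to expiry, and then launches the VPN script with a per-process execution-policy bypass so the machine-wide policy is left unchanged. The script path C:\support\THD-AzureVPN.ps1 is an assumption based on the runbook's suggested support folder.

```powershell
# Added example, not from the original runbook.
# Assumes the root thumbprint prefix from the runbook and that THD-AzureVPN.ps1 was
# copied into C:\support on the user's computer.
param(
    [string]$RootThumbprintPrefix = "74C9BAA0",
    [string]$VpnScript = "C:\support\THD-AzureVPN.ps1"
)

# 1. The root must be in the machine-wide Trusted Root store (the install step chose Local Machine)
$root = Get-ChildItem -Path Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -like "$RootThumbprintPrefix*" } |
    Select-Object -First 1
if (-not $root) { throw "Root certificate $RootThumbprintPrefix* not found in LocalMachine\Root" }
"Root OK: $($root.Subject) ($($root.Thumbprint))"

# 2. The user's client certificate must be in the user's Personal store, issued by that root,
#    unexpired, and imported together with its private key
$client = Get-ChildItem -Path Cert:\CurrentUser\My |
    Where-Object { $_.Issuer -eq $root.Subject -and $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $client) {
    throw "No valid client certificate issued by '$($root.Subject)' with a private key in CurrentUser\My"
}

# 3. Flag an upcoming expiry so the replacement procedure above can be scheduled in time
$daysLeft = [int]($client.NotAfter - (Get-Date)).TotalDays
"Client OK: $($client.Subject) valid until $($client.NotAfter) ($daysLeft days left)"
if ($daysLeft -lt 30) { Write-Warning "Client certificate expires in $daysLeft days" }

# 4. Run the VPN installer in a child process with the bypass scoped to that process only
if (-not (Test-Path -Path $VpnScript)) { throw "VPN script not found at $VpnScript" }
& powershell.exe -NoProfile -ExecutionPolicy Bypass -File $VpnScript
```

The check needs to run as the user who will use the VPN (CurrentUser\My is per account), so if the install is done from a separate admin account, run it from an elevated window opened as that user. Reading LocalMachine\Root does not require elevation, but the VPN script itself does, which is why the runbook opens PowerShell as an administrator.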