Generate Client Certificates - philipf/notebook GitHub Wiki

Root certificate

$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
-Subject "CN=PhilipsCert" -KeyExportPolicy Exportable `
-HashAlgorithm sha256 -KeyLength 2048 `
-CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign

Client certificate

Make sure the PowerShell session still have a reference to $cert in the previous step.

New-SelfSignedCertificate -Type Custom -DnsName myclient.notnot.ninja -KeySpec Signature `
-Subject "CN=myclient.notnot.ninja" -KeyExportPolicy Exportable `
-HashAlgorithm sha256 -KeyLength 2048 `
-CertStoreLocation "Cert:\CurrentUser\My" `
-Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")

Export Certificates

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site