New-AzVpnClientRootCertificate

Creates a new VPN client root certificate.

Syntax

New-AzVpnClientRootCertificate
   -Name <String>
   -PublicCertData <String>
   [-DefaultProfile <IAzureContextContainer>]
   [<CommonParameters>]

Description

The New-AzVpnClientRootCertificate cmdlet creates a new VPN root certificate for use on a virtual network gateway. Root certificates are X.509 certificates that identify your Root Certification Authority: all other certificates used on the gateway trust the root certificate.

This cmdlet creates a stand-alone certificate that is not assigned to a virtual gateway. Instead, the certificate created by New-AzVpnClientRootCertificate is used in conjunction with the New-AzVirtualNetworkGateway cmdlet when creating a new gateway. For example, suppose you create a new certificate and store it in a variable named $Certificate. You can then use that certificate object when creating a new virtual gateway. For instance:

New-AzVirtualNetworkGateway -Name "ContosoVirtualGateway" -ResourceGroupName "ContosoResourceGroup" -Location "West US" -GatewayType "VPN" -IpConfigurations $Ipconfig -VPNType "RouteBased" -VpnClientRootCertificates $Certificate

For more information, see the documentation for the New-AzVirtualNetworkGateway cmdlet.

Examples

Example 1: Create a client root certificate

$Text = Get-Content -Path "C:\Azure\Certificates\ExportedCertificate.cer"
$CertificateText = for ($i=1; $i -lt $Text.Length -1 ; $i++){$Text[$i]}
$Certificate = New-AzVpnClientRootCertificate -PublicCertData $CertificateText -Name "ContosoClientRootCertificate"

This example creates a client root certificate and stores the certificate object in a variable named $Certificate. This variable can then be used by the New-AzVirtualNetworkGateway cmdlet to add a root certificate to a new virtual network gateway. The first command uses the Get-Content cmdlet to get a previously exported text representation of the root certificate; that text data is stored in a variable named $Text. The second command then uses a for loop to extract all the text except for the first line and the last line, storing the extracted text in a variable named $CertificateText. The third command uses the New-AzVpnClientRootCertificate cmdlet to create the certificate, storing the created object in a variable named $Certificate.
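The for loop in Example 1 assumes a Base64-encoded file whose first and last lines are the BEGIN and END markers. The following added example (not part of the original documentation or the Az module) parses the exported file as X.509 before anything is handed to the cmdlet, rejects files that carry a private key or fall outside their validity period, and returns the certificate data as one Base64 string. The helper name Get-VpnRootCertData and the checks it performs are assumptions made for this illustration.

```powershell
# Added example: Get-VpnRootCertData is a hypothetical helper, not an Az cmdlet.
function Get-VpnRootCertData {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string] $Path
    )

    $fullPath = (Resolve-Path -LiteralPath $Path -ErrorAction Stop).ProviderPath

    # Parse the file as X.509 so truncated or hand-edited text is rejected here.
    # The constructor reads both Base64 (PEM) and binary DER .cer exports.
    try {
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($fullPath)
    } catch {
        throw "File '$fullPath' does not parse as an X.509 certificate: $($_.Exception.Message)"
    }

    # Only the public certificate belongs in the export.
    if ($cert.HasPrivateKey) {
        throw "File '$fullPath' contains a private key; export the public certificate only."
    }

    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
    }

    # Heuristic: a root certificate is normally issued to itself.
    if ($cert.SubjectName.Name -ne $cert.IssuerName.Name) {
        Write-Warning "Subject and issuer differ; this does not look like a self-signed root."
    }

    # SHA-256 fingerprint of the DER bytes, for comparison with the CA's record.
    $sha256 = [System.Security.Cryptography.SHA256]::Create()
    try { $hash = $sha256.ComputeHash($cert.RawData) } finally { $sha256.Dispose() }

    [pscustomobject]@{
        Subject        = $cert.Subject
        NotAfter       = $cert.NotAfter
        Sha256         = [System.BitConverter]::ToString($hash) -replace '-', ''
        PublicCertData = [System.Convert]::ToBase64String($cert.RawData)
    }
}

# Usage with the path and names from Example 1.
$root = Get-VpnRootCertData -Path "C:\Azure\Certificates\ExportedCertificate.cer"
$root | Format-List Subject, NotAfter, Sha256
$Certificate = New-AzVpnClientRootCertificate -Name "ContosoClientRootCertificate" -PublicCertData $root.PublicCertData
```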

Parameters

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Type: IAzureContextContainer
Aliases: AzContext, AzureRmContext, AzureCredential
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-Name

Specifies a name for the new client root certificate.

Type: String
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False

-PublicCertData

Specifies a text representation of the root certificate to be added. To obtain the text representation, export your certificate in .cer format (using Base64 encoding), then open the resulting file in a text editor. You should see output similar to this (note that the actual output will contain many more lines of text than the abbreviated sample shown here):

----- BEGIN CERTIFICATE -----
MIIC13FAAXC3671Auij9HHgUNEW8343NMJklo09982CVVFAw8w
----- END CERTIFICATE -----

The PublicCertData is made up of all the lines between the first line (----- BEGIN CERTIFICATE -----) and the last line (----- END CERTIFICATE -----) in the file. You can retrieve the PublicCertData by using Windows PowerShell commands similar to this:

$Text = Get-Content -Path "C:\Azure\Certificates\ExportedCertificate.cer"
$CertificateText = for ($i=1; $i -lt $Text.Length -1 ; $i++){$Text[$i]}

Type: String
Position: Named
Default value: None
Required: True
Accept pipeline input: True
Accept wildcard characters: False

Inputs

String

Outputs

PSVpnClientRootCertificate