New-AzureRmVpnClientRootCertificate

Creates a new VPN client root certificate.

Warning

The AzureRM PowerShell module has been officially deprecated as of February 29, 2024. Users are advised to migrate from AzureRM to the Az PowerShell module to ensure continued support and updates.

Although the AzureRM module may still function, it's no longer maintained or supported, placing any continued use at the user's discretion and risk. Please refer to our migration resources for guidance on transitioning to the Az module.

Syntax

New-AzureRmVpnClientRootCertificate
   -Name <String>
   -PublicCertData <String>
   [-DefaultProfile <IAzureContextContainer>]
   [<CommonParameters>]

Description

The New-AzureRmVpnClientRootCertificate cmdlet creates a new VPN root certificate for use on a virtual network gateway. Root certificates are X.509 certificates that identify your Root Certification Authority: all other certificates used on the gateway trust the root certificate. This cmdlet creates a stand-alone certificate that is not assigned to a virtual gateway. Instead, the certificate created by New-AzureRmVpnClientRootCertificate is used in conjunction with the New-AzureRmVirtualNetworkGateway cmdlet when creating a new gateway.

For example, suppose you create a new certificate and store it in a variable named $Certificate. You can then use that certificate object when creating a new virtual gateway. For instance:

New-AzureRmVirtualNetworkGateway -Name "ContosoVirtualGateway" -ResourceGroupName "ContosoResourceGroup" -Location "West US" -GatewayType "VPN" -IpConfigurations $Ipconfig -VPNType "RouteBased" -VpnClientRootCertificates $Certificate

For more information, see the documentation for the New-AzureRmVirtualNetworkGateway cmdlet.

Examples

Example 1: Create a client root certificate

PS C:\> $Text = Get-Content -Path "C:\Azure\Certificates\ExportedCertficate.cer"
PS C:\> $CertificateText = for ($i=1; $i -lt $Text.Length -1 ; $i++){$Text[$i]}
PS C:\> $Certificate = New-AzureRmVpnClientRootCertificate -PublicCertData $CertificateText -Name "ContosoClientRootCertificate"

This example creates a client root certificate and stores the certificate object in a variable named $Certificate. This variable can then be used by the New-AzureRmVirtualNetworkGateway cmdlet to add a root certificate to a new virtual network gateway.

The first command uses the Get-Content cmdlet to get a previously exported text representation of the root certificate; that text data is stored in a variable named $Text. The second command then uses a for loop to extract all the text except for the first line and the last line, storing the extracted text in a variable named $CertificateText. The third command uses the New-AzureRmVpnClientRootCertificate cmdlet to create the certificate, storing the created object in a variable named $Certificate.

Parameters

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Type: IAzureContextContainer
Aliases: AzureRmContext, AzureCredential
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-Name

Specifies a name for the new client root certificate.

Type: String
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False

-PublicCertData

Specifies a text representation of the root certificate to be added. To obtain the text representation, export your certificate in .cer format (using Base64 encoding), then open the resulting file in a text editor. You should see output similar to this (note that the actual output will contain many more lines of text than the abbreviated sample shown here):

----- BEGIN CERTIFICATE -----
MIIC13FAAXC3671Auij9HHgUNEW8343NMJklo09982CVVFAw8w
----- END CERTIFICATE -----

The PublicCertData is made up of all the lines between the first line (----- BEGIN CERTIFICATE -----) and the last line (----- END CERTIFICATE -----) in the file. You can retrieve the PublicCertData by using Windows PowerShell commands similar to this:

$Text = Get-Content -Path "C:\Azure\Certificates\ExportedCertficate.cer"
$CertificateText = for ($i=1; $i -lt $Text.Length -1 ; $i++){$Text[$i]}

Type: String
Position: Named
Default value: None
Required: True
Accept pipeline input: True
Accept wildcard characters: False
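The line-stripping loop in Example 1 and in the -PublicCertData description assumes a Base64 file with exactly one marker line at each end. The following added example (not part of the original documentation or the AzureRM module) parses the certificate instead and checks what is about to be trusted before returning the Base64 body. The function name Get-VpnRootPublicCertData, its -ExpectedThumbprint parameter and the demo certificate are assumptions made for illustration; the demo portion assumes .NET Framework 4.7.2 or later.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Hypothetical helper (not part of AzureRM): validate a root .cer and return its Base64 body.
function Get-VpnRootPublicCertData {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $ExpectedThumbprint   # optional, obtained out of band from the CA owner
    )
    # X509Certificate2 parses Base64 and binary (DER) .cer files alike.
    $cert = [X509Certificate2]::new($Path)

    # Only the public certificate belongs here; a file carrying a key is the wrong export.
    if ($cert.HasPrivateKey) { throw "File contains a private key; export the public .cer only." }
    # A root certificate is self-signed, so subject and issuer match.
    if ($cert.Subject -ne $cert.Issuer) { throw "Not a root: issued by '$($cert.Issuer)'." }
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) { throw "Outside validity period." }
    if ($ExpectedThumbprint -and $cert.Thumbprint -ne $ExpectedThumbprint) {
        throw "Thumbprint $($cert.Thumbprint) does not match the expected value."
    }
    # If a key usage extension is present, it should allow certificate signing.
    $ku = $cert.Extensions | Where-Object { $_ -is [X509KeyUsageExtension] }
    if ($ku -and -not ($ku.KeyUsages -band [X509KeyUsageFlags]::KeyCertSign)) {
        Write-Warning "Key usage does not include KeyCertSign."
    }
    [pscustomobject]@{
        Subject        = $cert.Subject
        Thumbprint     = $cert.Thumbprint
        NotAfter       = $cert.NotAfter
        # Base64 of the DER bytes: the text between the BEGIN and END lines, unwrapped.
        PublicCertData = [Convert]::ToBase64String($cert.RawData)
    }
}

# Constructed demo input: a throwaway self-signed root written to a temporary .cer file.
$rsa  = [RSA]::Create(2048)
$req  = [CertificateRequest]::new('CN=ConstructedDemoRoot', $rsa, [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$req.CertificateExtensions.Add([X509KeyUsageExtension]::new([X509KeyUsageFlags]::KeyCertSign, $true))
$demo = $req.CreateSelfSigned([DateTimeOffset]::UtcNow.AddDays(-1), [DateTimeOffset]::UtcNow.AddYears(1))
$tmp  = Join-Path ([IO.Path]::GetTempPath()) 'ConstructedDemoRoot.cer'
[IO.File]::WriteAllBytes($tmp, $demo.Export([X509ContentType]::Cert))

$info = Get-VpnRootPublicCertData -Path $tmp -ExpectedThumbprint $demo.Thumbprint
$info | Format-List Subject, Thumbprint, NotAfter
# Then, with the AzureRM module loaded:
# $Certificate = New-AzureRmVpnClientRootCertificate -Name "ContosoClientRootCertificate" -PublicCertData $info.PublicCertData
```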

Inputs

String

Outputs

PSVpnClientRootCertificate