New-AzVpnClientRootCertificate
Creates a new VPN client root certificate.
Syntax
New-AzVpnClientRootCertificate
-Name <String>
-PublicCertData <String>
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
Description
The New-AzVpnClientRootCertificate cmdlet creates a new VPN root certificate for use on a virtual network gateway.
Root certificates are X.509 certificates that identify your Root Certification Authority: all other certificates used on the gateway trust the root certificate.
This cmdlet creates a stand-alone certificate that is not assigned to a virtual gateway.
Instead, the certificate created by New-AzVpnClientRootCertificate is used in conjunction with the New-AzVirtualNetworkGateway cmdlet when creating a new gateway.
For example, suppose you create a new certificate and store it in a variable named $Certificate.
You can then use that certificate object when creating a new virtual gateway.
For instance,
New-AzVirtualNetworkGateway -Name "ContosoVirtualGateway" -ResourceGroupName "ContosoResourceGroup" -Location "West US" -GatewayType "VPN" -IpConfigurations $Ipconfig -VPNType "RouteBased" -VpnClientRootCertificates $Certificate
For more information, see the documentation for the New-AzVirtualNetworkGateway cmdlet.
Examples
Example 1: Create a client root certificate
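$Text = Get-Content -Path "C:\Azure\Certificates\ExportedCertificate.cer"
# Skip the first (BEGIN) and last (END) lines, keeping only the Base64 body.
$CertificateText = for ($i = 1; $i -lt $Text.Length - 1; $i++) { $Text[$i] }
# -PublicCertData takes a single String, so join the body lines before passing them.
$Certificate = New-AzVpnClientRootCertificate -PublicCertData ($CertificateText -join "") -Name "ContosoClientRootCertificate"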
This example creates a client root certificate and stores the certificate object in a variable named $Certificate. This variable can then be used by the New-AzVirtualNetworkGateway cmdlet to add a root certificate to a new virtual network gateway. The first command uses the Get-Content cmdlet to get a previously exported text representation of the root certificate; that text data is stored in a variable named $Text. The second command then uses a for loop to extract all the text except for the first line and the last line, storing the extracted text in a variable named $CertificateText. The third command uses the New-AzVpnClientRootCertificate cmdlet to create the certificate, storing the created object in a variable named $Certificate.
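The following is an added example, not part of the original cmdlet documentation. Instead of trusting whatever lies between the first and last lines of the exported file, it parses the text as an X.509 certificate and checks that it is a self-issued CA certificate inside its validity period before producing the -PublicCertData string. The helper name ConvertTo-VpnPublicCertData and the in-memory sample certificate are assumptions made for illustration.

```powershell
# Hypothetical helper (not an Az cmdlet): validate exported certificate text
# and return its Base64 body as one string suitable for -PublicCertData.
function ConvertTo-VpnPublicCertData {
    param([Parameter(Mandatory)] [AllowEmptyString()] [string[]] $PemLines)

    # Drop header/footer lines (with or without spaces around the dashes) and blank lines.
    $body = ($PemLines | Where-Object { $_ -notmatch '^-+\s*(BEGIN|END) CERTIFICATE\s*-+$' }) -join ''
    $body = $body -replace '\s', ''

    # Decoding and parsing fails loudly if the text is not a certificate.
    $bytes = [Convert]::FromBase64String($body)
    $cert  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$bytes)

    # A root certificate should be a CA (Basic Constraints, OID 2.5.29.19) ...
    $bc = $cert.Extensions['2.5.29.19']
    if (-not ($bc -and $bc.CertificateAuthority)) { throw "Not a CA certificate: $($cert.Subject)" }
    # ... self-issued, and currently valid.
    if ($cert.Subject -ne $cert.Issuer) { throw "Not self-issued: $($cert.Subject)" }
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) { throw "Outside validity period: $($cert.Subject)" }

    # Re-encode from the parsed certificate: public data only, on a single line.
    [Convert]::ToBase64String($cert.RawData)
}

# Constructed sample input: a throwaway self-signed CA generated in memory.
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=ConstructedSampleRoot', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$req.CertificateExtensions.Add(
    [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]::new($true, $false, 0, $true))
$sample = $req.CreateSelfSigned([DateTimeOffset]::UtcNow.AddDays(-1), [DateTimeOffset]::UtcNow.AddYears(1))
$pem = @('-----BEGIN CERTIFICATE-----') +
       ([Convert]::ToBase64String($sample.RawData, 'InsertLineBreaks') -split "`r?`n") +
       @('-----END CERTIFICATE-----', '')

$CertificateText = ConvertTo-VpnPublicCertData -PemLines $pem
# With an exported file, pass (Get-Content -Path <file>) as -PemLines, then:
# $Certificate = New-AzVpnClientRootCertificate -PublicCertData $CertificateText -Name "ContosoClientRootCertificate"
```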
Parameters
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
Type: | IAzureContextContainer |
Aliases: | AzContext, AzureRmContext, AzureCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Name
Specifies a name for the new client root certificate.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-PublicCertData
Specifies a text representation of the root certificate to be added. To obtain the text representation, export your certificate in .cer format (using Base64 encoding), then open the resulting file in a text editor. You should see output similar to this (note that the actual output will contain many more lines of text than the abbreviated sample shown here):
----- BEGIN CERTIFICATE -----
MIIC13FAAXC3671Auij9HHgUNEW8343NMJklo09982CVVFAw8w
----- END CERTIFICATE -----
The PublicCertData is made up of all the lines between the first line (----- BEGIN CERTIFICATE -----) and the last line (----- END CERTIFICATE -----) in the file. You can retrieve the PublicCertData by using Windows PowerShell commands similar to this:
$Text = Get-Content -Path "C:\Azure\Certificates\ExportedCertificate.cer"
$CertificateText = for ($i=1; $i -lt $Text.Length -1 ; $i++){$Text[$i]}
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
Inputs
Outputs
Related Links