Install client certificates for P2S certificate authentication connections

All clients that connect to a virtual network using Point-to-Site Azure certificate authentication require a client certificate. This article helps you install a client certificate that is used for authentication when connecting to a VNet using P2S.

Acquire a client certificate

No matter what client operating system you want to connect from, you must always have a client certificate. You can generate a client certificate from either a root certificate that was generated using an Enterprise CA solution, or a self-signed root certificate. See the PowerShell, MakeCert, or Linux instructions for steps to generate a client certificate.

Windows

If you want to create a P2S connection from a client computer other than the one you used to generate the client certificates, you need to install a client certificate. When installing a client certificate, you need the password that was created when the client certificate was exported.

  1. Locate and copy the .pfx file to the client computer. On the client computer, double-click the .pfx file to install. Leave the Store Location as Current User, and then select Next.
  2. On the File to import page, don't make any changes. Select Next.
  3. On the Private key protection page, input the password for the certificate, or verify that the security principal is correct, then select Next.
  4. On the Certificate Store page, leave the default location, and then select Next.
  5. Select Finish. On the Security Warning for the certificate installation, select Yes. You can comfortably select 'Yes' for this security warning because you generated the certificate.
  6. The certificate is now successfully imported.
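
The wizard steps above can also be scripted. The following PowerShell is an added example, not part of the original article: it imports the .pfx into the Current User store and then checks that what landed there is usable for client authentication. The file path is a hypothetical placeholder, and the validity and Enhanced Key Usage checks are additions that the wizard does not perform.

```powershell
# Added example, not from the original article. $PfxPath is a hypothetical location.
$PfxPath = Join-Path $env:USERPROFILE 'Downloads\P2SClientCert.pfx'

# Prompt for the export password so it never appears in the script or shell history.
$PfxPassword = Read-Host -Prompt 'Password created when the .pfx was exported' -AsSecureString

# Import into the Current User personal store (the wizard's defaults).
# -Exportable is deliberately omitted, so the private key is stored as non-exportable.
$imported = @(Import-PfxCertificate -FilePath $PfxPath `
        -CertStoreLocation 'Cert:\CurrentUser\My' -Password $PfxPassword)

# The client certificate is the imported entry that carries the private key.
$cert = $imported | Where-Object { $_.HasPrivateKey } | Select-Object -First 1
if (-not $cert) {
    throw "No certificate with a private key was imported from $PfxPath."
}

$now = Get-Date
$warnings = @()
if ($cert.NotBefore -gt $now) { $warnings += "not valid until $($cert.NotBefore)" }
if ($cert.NotAfter -lt $now) { $warnings += "expired on $($cert.NotAfter)" }

# If the certificate restricts its usage, Client Authentication must be allowed.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'
$eku = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
}
if ($eku -and ($eku.EnhancedKeyUsages.Value -notcontains $clientAuthOid)) {
    $warnings += 'Enhanced Key Usage does not include Client Authentication'
}

# Show what was installed so it can be compared with the certificate you generated.
$cert | Format-List Subject, Issuer, Thumbprint, NotBefore, NotAfter, HasPrivateKey
if ($warnings) {
    $warnings | ForEach-Object { Write-Warning "Imported certificate: $_" }
} else {
    Write-Host 'Client certificate imported and passed the basic checks.'
}
```

Compare the printed thumbprint and issuer with the certificate you generated before relying on it for the P2S connection.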

Mac

Note

Mac VPN clients are supported for the Resource Manager deployment model only. They are not supported for the classic deployment model.

When installing a client certificate, you need the password that was created when the client certificate was exported.

  1. Locate the .pfx certificate file and copy it to your Mac. You can get the certificate to the Mac in several ways, for example, you can email the certificate file.

  2. After the certificate is copied to the Mac, double-click the certificate to open the Add Certificates box, then click Add to begin the install.

  3. Enter the password that you created when the client certificate was exported. The password protects the private key of the certificate. Click OK to complete the installation.

Linux

The Linux client certificate is installed on the client as part of the client configuration. See Client configuration - Linux for instructions.

Next steps

Continue with the Point-to-Site configuration steps to Create and install VPN client configuration files.