Tags: azure, azure-vpn

Why is a Client Certificate required in Azure's Point-to-Site VPN connection?


As a reference guide for creating a Root Certificate for a Point-to-Site VPN connection, I have gone through some web links.

In all the links I found, a Root Certificate and a Client Certificate are created, but on the Azure Portal only the Root Certificate information is added at the Virtual Network Gateway's P2S connection.

Then why has a Client Certificate been created, if it is not added on the Azure portal?

Regards

TekQ


Solution

  • When you use the Azure certificate authentication type in the point-to-site configuration of the virtual network gateway, you upload the root certificate (including the public key information) to the Azure portal, which is then considered "trusted" by Azure for connections over P2S to the virtual network. A client certificate is generated from the root certificate. The client certificate (including the private key information) is installed on each client computer that will connect to the VNet. This certificate is used for client authentication. That means only clients that have installed a client certificate are allowed to connect to this P2S VPN connection.

    Ref: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal#generatecert
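The root/client relationship the answer describes, shown with OpenSSL as an added illustration (not code from the question or from the linked Microsoft article). It assumes openssl 1.1.1 or newer on PATH; all certificate names and paths are placeholders. Only the root's public data is what the portal takes; the client's private key never leaves the client machine, and a client certificate from an unrelated root is refused even though it is otherwise valid.

```shell
#!/bin/sh
# Added example; assumes openssl on PATH. Names/paths are placeholders.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# Self-signed root: its public part (only) is what you paste into the gateway's
# Point-to-site configuration. Its private key stays with whoever issues clients.
make_root() {   # $1 = root name
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Client certificate signed by a root. Its private key is what gets installed on
# the VPN client machine; it is never uploaded to Azure.
make_client() {   # $1 = root name, $2 = client name
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 365 -out "$WORK/$2.crt" 2>/dev/null
}

# Base64 body of the root certificate, i.e. the "public certificate data" the
# portal asks for (PEM without the BEGIN/END lines or newlines).
root_public_data() {   # $1 = root name
  sed '/-----/d' "$WORK/$1.crt" | tr -d '\n'
}

# Succeeds only if the client certificate chains to the named root, which is
# the trust decision the gateway makes against the uploaded root.
client_trusted() {   # $1 = root name, $2 = client name
  openssl verify -CAfile "$WORK/$1.crt" "$WORK/$2.crt" >/dev/null 2>&1
}

main() {
  make_root P2SRootCert
  make_client P2SRootCert P2SChildCert
  echo "Paste into the portal: $(root_public_data P2SRootCert | cut -c1-40)..."
  client_trusted P2SRootCert P2SChildCert && echo "P2SChildCert chains to P2SRootCert: allowed"
  # A client certificate issued by some other root is not trusted by this gateway.
  make_root OtherRoot
  make_client OtherRoot Stranger
  client_trusted P2SRootCert Stranger || echo "Stranger does not chain to P2SRootCert: refused"
}

main "$@"
```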