Tags: azure, azure-virtual-network, azure-vpn

Is private key needed in Azure point to site VPN?


I am unable to understand the certificate requirement for Azure Point to Site VPN. I am of the understanding that whenever a certificate is generated by an Enterprise CA, it has a public and private key. Hence when we upload the Root Certificate to Azure VPN, we need to upload with BOTH private and public key. Is my understanding correct? Also, the root certificate, with only the public key, must be installed in the user (client) machines. Additionally, the user (client) machines must have client certificates, with only the public key, that are generated from the root certificate.

Please let me know if my understanding is correct.


Solution

  • An Azure Point-to-Site (P2S) VPN gateway connection lets you create a secure connection to your virtual network from an individual client computer. A P2S connection is established by starting it from the client computer.

    Certificates are used by Azure to authenticate clients connecting to a VNet over a Point-to-Site VPN connection.

    First you need to generate a root certificate, then upload the public key information to Azure. The root certificate and future client certificates are then considered 'trusted' by Azure for connection over P2S to the virtual network. (You can use either a root certificate that was generated with an enterprise solution, or generate a self-signed certificate)

    Then you need to generate client certificates from the trusted root certificate, and install them on each client computer. The client certificate is used to authenticate the client when it initiates a connection to the P2S VPN (VNet).

    Azure P2S VPN needs only the root certificate, and client machines need only client certificates.

    https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal
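As an added example (not part of the original question or answer), the shell script below uses openssl to build a self-signed root, issue a client certificate from it, and then check what each side actually holds: the material uploaded to Azure is the root's public certificate only, while the client machine keeps its certificate together with its private key, because possession of that private key is what the gateway challenges during the connection. File names, subjects, the PFX password and the working directory are assumptions for the demo.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes openssl is on PATH.
set -eu
WORK="${P2S_WORK:-$(mktemp -d)}"

# Build a self-signed root and a client certificate signed by it.
gen_p2s_certs() {
  # Root CA: root.key never leaves the issuing machine.
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -subj "/CN=P2SRootCert" -keyout "$WORK/root.key" -out "$WORK/root.pem" 2>/dev/null
  # What Azure receives: the root's public certificate only, as base64-encoded DER.
  openssl x509 -in "$WORK/root.pem" -outform DER | openssl base64 -A > "$WORK/root_upload.txt"
  # Client key pair is generated locally; only the CSR goes to the root for signing.
  openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=P2SChildCert" \
    -keyout "$WORK/client.key" -out "$WORK/client.csr" 2>/dev/null
  printf 'extendedKeyUsage=clientAuth\n' > "$WORK/client.ext"
  openssl x509 -req -in "$WORK/client.csr" -CA "$WORK/root.pem" -CAkey "$WORK/root.key" \
    -CAcreateserial -days 365 -sha256 -extfile "$WORK/client.ext" \
    -out "$WORK/client.pem" 2>/dev/null
  # What the client machine installs: its certificate bundled with its private key.
  openssl pkcs12 -export -inkey "$WORK/client.key" -in "$WORK/client.pem" \
    -passout pass:changeit -out "$WORK/client.pfx"
}

# Count private-key blocks in the material destined for Azure. Prints 0 when clean.
root_upload_private_key_count() {
  openssl base64 -d -A < "$WORK/root_upload.txt" | openssl x509 -inform DER \
    | grep -c "^-----BEGIN.*PRIVATE KEY" || true
}

# Can the root's public certificate alone validate the client certificate?
# This is the check the gateway performs; it needs no private key.
verify_client_against_root() {
  if openssl verify -CAfile "$WORK/root.pem" "$WORK/client.pem" >/dev/null 2>&1; then
    echo ok
  else
    echo fail
  fi
}

# Count private-key blocks in the client bundle. Prints 1: the client must hold its key.
client_pfx_private_key_count() {
  openssl pkcs12 -in "$WORK/client.pfx" -nocerts -nodes -passin pass:changeit 2>/dev/null \
    | grep -c "^-----BEGIN.*PRIVATE KEY" || true
}
```

Run `gen_p2s_certs` and then the three check functions; `root_upload.txt` is the value that goes into the gateway's public certificate data field, and `client.pfx` is what gets imported on each client.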