articles/virtual-wan/global-hub-profile.md
Lines changed: 6 additions & 5 deletions
@@ -66,21 +66,22 @@ By default, every hub that uses the same User VPN Configuration is included in t
66
66
67
67
### Global profile best practices
68
68
69
-
#### Add multiple server validation certificates
69
+
#### Add Multiple server validation certificates
70
70
71
71
This section pertains connections using the OpenVPN tunnel type and the Azure VPN Client version 2.1963.44.0 or higher.
72
72
73
73
When you configure a hub P2S gateway, Azure assigns an internal certificate to the gateway. This is different than the root certificate information that you specify when you want to use Certificate Authentication as your authentication method. The internal certificate that is assigned to the hub is used for all authentication types. This value is represented in the profile configuration files that you generate as *servervalidation/cert/hash*. The VPN client uses this value as part of the connection process.
74
74
75
-
If you have multiple hubs in different geographic regions, each hub can use a different Azure-level server validation certificate. However, the global profile only contains the server validation certificate hash value for 1 of the hubs. This means that if the certificate for that hub isn't working properly for any reason, the client doesn't have the necessary server validation certificate hash value for the other hubs.
75
+
If you have multiple hubs in different geographic regions, each hub can use a different Azure-level server validation certificate. The global profile contains the server validation certificate hash value for all of the hubs. This means that if the certificate for that hub isn't working properly for any reason, the client will still have the necessary server validation certificate hash value for the other hubs.
76
76
77
-
As a best practice, we recommend that you update your VPN client profile configuration file to include the certificate hash value of all the hubs that are attached to the global profile, and then configure the Azure VPN Client using the updated file.
77
+
> [!IMPORTANT]
78
+
> Configuring the Azure VPN client with certificate hash value of all the hubs is required only if the hubs have different server root issuers.
78
79
79
-
1. To view the server validation certificate hash for each hub, generate and download the [hub profile](#hub) files for each of the hubs that are part of the global profile. Use a text editor to view profile information contained in the **azurevpnconfig.xml** file. This file is typically found in the **AzureVPN** folder. Note the server validation certificate hash for each hub.
80
+
As a best practice, we recommend that you update your VPN client profile configuration file to include the certificate hash value of all the hubs that are attached to the global profile, and then configure the Azure VPN Client using the updated file.
80
81
81
82
1. Generate and download the [global profile](#global) files. Use a text editor to open the **azurevpnconfig.xml** file.
82
83
83
-
1.Using the following xml example, configure the global profile file to include the server validation certificate hashes from the hubs that you want to include. Configure the Azure VPN Client using the edited profile configuration file.
84
+
1.Given the following xml example, configure the Azure VPN Client using the global profile configuration file that contains server validation certificate hash for each hub.
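Review bot: In the rewritten paragraph on multiple hubs, "if the certificate for that hub isn't working properly" no longer has an antecedent, because the sentence it pointed back to ("for 1 of the hubs") now reads "for all of the hubs"; reword it to something like "if the certificate for one hub isn't working properly". The same paragraph now says the global profile already contains the server validation certificate hash for all hubs, yet the retained best-practice paragraph still tells the reader to update the profile file to include the hash of all hubs, and the new IMPORTANT note says this is required only when the hubs have different server root issuers. Please state explicitly which case still needs manual editing of **azurevpnconfig.xml** and which does not, since a client that is missing a hub's *servervalidation/cert/hash* value cannot validate that hub. The step that explained how to read each hub's hash from its hub profile was removed, so if manual editing is still needed in the different-issuer case the reader has no instructions for obtaining those values. Two style points: the last step begins "1.Given" with no space after "1.", so it will not render as a list item, and the heading "Add Multiple server validation certificates" capitalizes "Multiple" while the neighbouring heading "Global profile best practices" uses sentence case.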