Merge pull request #203968 from cherylmc/certificates-includes

new article and refreshes

Author: Stacyrch140

articles/virtual-wan/TOC.yml

@@ -157,6 +157,8 @@
           href: virtual-wan-point-to-site-azure-ad.md
     - name: Generate certificates
       href: certificates-point-to-site.md
+    - name: Install client certificates
+      href: install-client-certificates.md
     - name: Configure Azure AD tenant
       href: openvpn-azure-ad-tenant.md
     - name: VPN client profiles
@@ -171,16 +173,12 @@
       items:
         - name: Azure AD authentication
           items:
-            - name: Windows
+            - name: Windows 10
               href: openvpn-azure-ad-client.md
             - name: macOS
               href: openvpn-azure-ad-client-mac.md
         - name: OpenVPN client software configuration
           href: howto-openvpn-clients.md
-        - name: Azure VPN client optional settings
-          items:
-          - name: Windows
-            href: azure-vpn-client-optional-configurations-windows.md
     - name: Multi-Factor Authentication(MFA)
       href: openvpn-azure-ad-mfa.md   
     - name: Multi-application Azure AD authentication

articles/virtual-wan/certificates-point-to-site.md

@@ -1,23 +1,28 @@
 ---
-title: 'Generate and export certificates for User VPN connections | Azure Virtual WAN'
+title: 'Generate and export certificates for User VPN P2S connections: PowerShell'
+titleSuffix: Azure Virtual WAN
 description: Learn how to create a self-signed root certificate, export a public key, and generate client certificates for Virtual WAN User VPN (point-to-site) connections using PowerShell.
-services: virtual-wan
 author: cherylmc
-
 ms.service: virtual-wan
 ms.topic: how-to
-ms.date: 04/27/2021
+ms.date: 07/06/2022
 ms.author: cherylmc
 
 ---
-# Generate and export certificates for User VPN connections
+# Generate and export certificates for User VPN connections using PowerShell
+
+User VPN (point-to-site) configurations can be configured to require certificates to authenticate. This article shows you how to create a self-signed root certificate and generate client certificates using PowerShell on Windows 10 (or later) or Windows Server 2016 (or later).
+
+The PowerShell cmdlets that you use to generate certificates are part of the operating system and don't work on other versions of Windows. The host operating system is only used to generate the certificates. Once the certificates are generated, you can upload them or install them on any supported client operating system.
+
+If you don't have a computer that meets the operating system requirement, you can use [MakeCert](../vpn-gateway/vpn-gateway-certificates-point-to-site-makecert.md) to generate certificates. The certificates that you generate using either method can be installed on any supported client operating system.
 
-User VPN (point-to-site) connections use certificates to authenticate. This article shows you how to create a self-signed root certificate and generate client certificates using PowerShell on Windows 10 or Windows Server 2016.
+[!INCLUDE [Generate and export - this include is for both vpn-gateway and virtual-wan](../../includes/vpn-gateway-generate-export-certificates-include.md)]
 
-You must perform the steps in this article on a computer running Windows 10 or Windows Server 2016. The PowerShell cmdlets that you use to generate certificates are part of the operating system and do not work on other versions of Windows. The Windows 10 or Windows Server 2016 computer is only needed to generate the certificates. Once the certificates are generated, you can upload them, or install them on any supported client operating system.
+## Install an exported client certificate
 
-[!INCLUDE [Export public key](../../includes/vpn-gateway-generate-export-certificates-include.md)]
+Each client that connects over a P2S connection requires a client certificate to be installed locally. For steps to install a certificate, see [Install client certificates](install-client-certificates.md).
 
 ## Next steps
 
-Continue with the [Virtual WAN steps for user VPN connection](virtual-wan-point-to-site-portal.md#p2sconfig).
+Continue with the [Virtual WAN steps for user VPN connections](virtual-wan-point-to-site-portal.md#p2sconfig).

articles/virtual-wan/install-client-certificates.md

@@ -0,0 +1,32 @@
+---
+title: 'Install a User VPN P2S client certificate'
+titleSuffix: Azure Virtual WAN
+description: Learn how to install client certificates for User VPN P2S certificate authentication - Windows, Mac, Linux.
+author: cherylmc
+ms.service: virtual-wan
+ms.topic: how-to
+ms.date: 07/06/2022
+ms.author: cherylmc
+
+---
+# Install client certificates for User VPN connections
+
+When a Virtual WAN User VPN P2S configuration is configured for certificate authentication, each client computer must have a client certificate installed locally. This article helps you install a client certificate locally on a client computer. You can also use [Intune](/mem/intune/configuration/vpn-settings-configure) to install certain VPN client profiles and certificates.
+
+If you want to generate a client certificate, see [Generate and export certificates for User VPN connections](certificates-point-to-site.md).
+
+## <a name="installwin"></a>Windows
+
+[!INCLUDE [Install on Windows](../../includes/vpn-gateway-certificates-install-client-cert-include.md)]
+
+## <a name="installmac"></a>macOS
+
+[!INCLUDE [Install on Mac](../../includes/vpn-gateway-certificates-install-mac-client-cert-include.md)]
+
+## <a name="installlinux"></a>Linux
+
+The Linux client certificate is installed on the client as part of the client configuration. Use the VPN Gateway [Client configuration - Linux](../vpn-gateway/point-to-site-vpn-client-cert-linux.md) instructions.
+
+## Next steps
+
+Continue with the [Virtual WAN User VPN](virtual-wan-point-to-site-portal.md#p2sconfig) configuration steps.

articles/vpn-gateway/vpn-gateway-certificates-point-to-site.md

@@ -1,35 +1,31 @@
 ---
 title: 'Generate and export certificates for P2S: PowerShell'
 titleSuffix: Azure VPN Gateway
-description: Learn how to create a self-signed root certificate, export a public key, and generate client certificates for VPN Gateway Point-to-Site connections.
-services: vpn-gateway
+description: Learn how to create a self-signed root certificate, export a public key, and generate client certificates for VPN Gateway point-to-site connections.
 author: cherylmc
-
 ms.service: vpn-gateway
 ms.topic: how-to
-ms.date: 06/03/2021
+ms.date: 07/06/2022
 ms.author: cherylmc
 
 ---
-# Generate and export certificates for Point-to-Site using PowerShell
+# Generate and export certificates for point-to-site using PowerShell
 
-Point-to-Site connections use certificates to authenticate. This article shows you how to create a self-signed root certificate and generate client certificates using PowerShell on Windows 10 or later, or Windows Server 2016. If you are looking for different certificate instructions, see [Certificates - Linux](vpn-gateway-certificates-point-to-site-linux.md) or [Certificates - MakeCert](vpn-gateway-certificates-point-to-site-makecert.md).
+Point-to-site connections use certificates to authenticate. This article shows you how to create a self-signed root certificate and generate client certificates using PowerShell on Windows 10 or later, or Windows Server 2016 or later.
 
-The steps in this article apply to Windows 10 or later, or Windows Server 2016. The PowerShell cmdlets that you use to generate certificates are part of the operating system and do not work on other versions of Windows. The Windows 10 or later, or Windows Server 2016 computer is only needed to generate the certificates. Once the certificates are generated, you can upload them, or install them on any supported client operating system.
+The PowerShell cmdlets that you use to generate certificates are part of the operating system and don't work on other versions of Windows. The host operating system is only used to generate the certificates. Once the certificates are generated, you can upload them or install them on any supported client operating system.
 
-If you do not have access to a Windows 10 or later, or Windows Server 2016 computer, you can use [MakeCert](vpn-gateway-certificates-point-to-site-makecert.md) to generate certificates. The certificates that you generate using either method can be installed on any [supported](vpn-gateway-howto-point-to-site-resource-manager-portal.md#faq) client operating system.
+If you don't have a computer that meets the operating system requirement, you can use [MakeCert](vpn-gateway-certificates-point-to-site-makecert.md) to generate certificates. The certificates that you generate using either method can be installed on any [supported](vpn-gateway-howto-point-to-site-resource-manager-portal.md#faq) client operating system.
 
-[!INCLUDE [generate and export certificates](../../includes/vpn-gateway-generate-export-certificates-include.md)]
+[!INCLUDE [Generate and export - this include is for both vpn-gateway and virtual-wan](../../includes/vpn-gateway-generate-export-certificates-include.md)]
 
 ## <a name="install"></a>Install an exported client certificate
 
-Each client that connects to the VNet over a P2S connection requires a client certificate to be installed locally.
-
-To install a client certificate, see [Install a client certificate for Point-to-Site connections](point-to-site-how-to-vpn-client-install-azure-cert.md).
+Each client that connects over a P2S connection requires a client certificate to be installed locally. To install a client certificate, see [Install a client certificate for point-to-site connections](point-to-site-how-to-vpn-client-install-azure-cert.md).
 
 ## Next steps
 
-Continue with your Point-to-Site configuration.
+Continue with your point-to-site configuration.
 
 * For **Resource Manager** deployment model steps, see [Configure P2S using native Azure certificate authentication](vpn-gateway-howto-point-to-site-resource-manager-portal.md).
-* For **classic** deployment model steps, see [Configure a Point-to-Site VPN connection to a VNet (classic)](vpn-gateway-howto-point-to-site-classic-azure-portal.md).
+* For **classic** deployment model steps, see [Configure a point-to-site VPN connection to a VNet (classic)](vpn-gateway-howto-point-to-site-classic-azure-portal.md).