Merge pull request #279042 from cherylmc/pfx-linux

certificate formats

Author: denrea

articles/vpn-gateway/TOC.yml

@@ -163,14 +163,18 @@
             href: point-to-site-vpn-client-certificate-openvpn-ios.md
       - name: Generate self-signed certificates
         items:
-        - name: Azure PowerShell
-          href: vpn-gateway-certificates-point-to-site.md
-        - name: Makecert
-          href: vpn-gateway-certificates-point-to-site-makecert.md
-        - name: Linux - OpenSSL
-          href: point-to-site-certificates-linux-openssl.md
-        - name: Linux - strongSwan
-          href: vpn-gateway-certificates-point-to-site-linux.md
+        - name: .cer and .pfx files
+          items:
+           - name: Azure PowerShell
+             href: vpn-gateway-certificates-point-to-site.md
+           - name: Makecert
+             href: vpn-gateway-certificates-point-to-site-makecert.md
+        - name: .pem files
+          items:
+          - name: Linux - OpenSSL
+            href: point-to-site-certificates-linux-openssl.md
+          - name: Linux - strongSwan
+            href: vpn-gateway-certificates-point-to-site-linux.md
       - name: Install VPN client certificates
         href: point-to-site-how-to-vpn-client-install-azure-cert.md
     - name: Microsoft Entra ID authentication

articles/vpn-gateway/point-to-site-certificates-linux-openssl.md

@@ -6,12 +6,12 @@ author: cherylmc
 ms.service: vpn-gateway
 ms.custom: linux-related-content
 ms.topic: how-to
-ms.date: 03/25/2024
+ms.date: 06/24/2024
 ms.author: cherylmc
 ---
 # Generate and export certificates - Linux - OpenSSL
 
-VPN Gateway point-to-site (P2S) connections can be configured to use certificate authentication. The root certificate public key is uploaded to Azure and each VPN client must have the appropriate certificate files installed locally in order to connect. This article helps you create a self-signed root certificate and generate client certificates using OpenSSL. For more information, see [Point-to-site configuration - certificate authentication](vpn-gateway-howto-point-to-site-resource-manager-portal.md).
+This article helps you create a self-signed root certificate and generate client certificate **.pem** files using OpenSSL. If you need *.pfx* and *.cer* files instead, see the [Windows- PowerShell](vpn-gateway-certificates-point-to-site.md) instructions.
 
 ## Prerequisites
 

articles/vpn-gateway/vpn-gateway-certificates-point-to-site-linux.md

@@ -6,14 +6,14 @@ author: cherylmc
 ms.service: vpn-gateway
 ms.custom: linux-related-content
 ms.topic: how-to
-ms.date: 05/15/2024
+ms.date: 06/24/2024
 ms.author: cherylmc
 ---
 # Generate and export certificates - Linux (strongSwan)
 
-VPN Gateway point-to-site connections can use certificates to authenticate. This article shows you how to create a self-signed root certificate and generate client certificates using strongSwan. You can also use [PowerShell](vpn-gateway-certificates-point-to-site.md) or [MakeCert](vpn-gateway-certificates-point-to-site-makecert.md).
+This article shows you how to create a self-signed root certificate and generate client certificates using strongSwan. The steps in this exercise help you create certificate **.pem** files. If you need *.pfx* and *.cer* files instead, see the [Windows- PowerShell](vpn-gateway-certificates-point-to-site.md) instructions.
 
-Each client must have a client certificate installed locally to connect. Additionally, the root certificate public key information must be uploaded to Azure. For more information, see [Point-to-site configuration - certificate authentication](vpn-gateway-howto-point-to-site-resource-manager-portal.md).
+For point-to-site connections, each VPN client must have a client certificate installed locally to connect. Additionally, the root certificate public key information must be uploaded to Azure. For more information, see [Point-to-site configuration - certificate authentication](vpn-gateway-howto-point-to-site-resource-manager-portal.md).
 
 ## <a name="install"></a>Install strongSwan
 

articles/vpn-gateway/vpn-gateway-certificates-point-to-site-makecert.md

@@ -5,24 +5,24 @@ description: Learn how to create a self-signed root certificate, export a public
 author: cherylmc
 ms.service: vpn-gateway
 ms.topic: how-to
-ms.date: 07/28/2023
+ms.date: 06/24/2024
 ms.author: cherylmc
 
 ---
 # Generate and export certificates for Point-to-Site connections using MakeCert
 
-Point-to-Site connections use certificates to authenticate. This article shows you how to create a self-signed root certificate and generate client certificates using MakeCert. If you're looking for different certificate instructions, see [Certificates - PowerShell](vpn-gateway-certificates-point-to-site.md) or [Certificates - Linux](vpn-gateway-certificates-point-to-site-linux.md).
+This article shows you how to create a self-signed root certificate and generate client certificates using MakeCert. The steps in this article help you create **.pfx** and **.cer** files. If you're looking for different certificate instructions, see [PowerShell - .pfx and .cer certificate files](vpn-gateway-certificates-point-to-site.md) or [Linux- OpenSSL - .pem certificate files](point-to-site-certificates-linux-openssl.md).
 
-While we recommend using the [Windows 10 or later PowerShell steps](vpn-gateway-certificates-point-to-site.md) to create your certificates, we provide these MakeCert instructions as an optional method. The certificates that you generate using either method can be installed on [any supported client operating system](vpn-gateway-howto-point-to-site-resource-manager-portal.md#faq). However, MakeCert has the following limitation:
+We recommend using the [Windows 10 or later PowerShell steps](vpn-gateway-certificates-point-to-site.md) to create your certificates. We provide these MakeCert instructions as an optional method. The certificates that you generate using either method can be installed on [any supported client operating system](vpn-gateway-howto-point-to-site-resource-manager-portal.md#faq). MakeCert has the following limitation:
 
-* MakeCert is deprecated. This means that this tool could be removed at any point. Any certificates that you already generated using MakeCert won't be affected when MakeCert is no longer available. MakeCert is only used to generate the certificates, not as a validating mechanism.
+* MakeCert is deprecated. This means that this tool could be removed at any point. Certificates that you already generated using MakeCert won't be affected if MakeCert is no longer available. MakeCert is only used to generate the certificates, not as a validating mechanism.
 
 ## <a name="rootcert"></a>Create a self-signed root certificate
 
 The following steps show you how to create a self-signed certificate using MakeCert. These steps aren't deployment-model specific. They're valid for both Resource Manager and classic.
 
 1. Download and install [MakeCert](/windows/win32/seccrypto/makecert).
-2. After installation, you can typically find the makecert.exe utility under this path: 'C:\Program Files (x86)\Windows Kits\10\bin\<arch>'. Although, it's possible that it was installed to another location. Open a command prompt as administrator and navigate to the location of the MakeCert utility. You can use the following example, adjusting for the proper location:
+2. After installation, you can typically find the makecert.exe utility under this path: 'C:\Program Files (x86)\Windows Kits\10\bin\<arch>'. However, it's possible that it was installed to another location. Open a command prompt as administrator and navigate to the location of the MakeCert utility. You can use the following example, adjusting for the proper location:
 
    ```cmd
    cd C:\Program Files (x86)\Windows Kits\10\bin\x64
@@ -41,7 +41,7 @@ The exported.cer file must be uploaded to Azure. For instructions, see [Configur
 
 ### Export the self-signed certificate and private key to store it (optional)
 
-You may want to export the self-signed root certificate and store it safely. You can later install it on another computer and generate more client certificates, or export another .cer file. To export the self-signed root certificate as a .pfx, select the root certificate and use the same steps as described in [Export a client certificate](#clientexport).
+You might want to export the self-signed root certificate and store it safely. You can later install it on another computer and generate more client certificates, or export another .cer file. To export the self-signed root certificate as a .pfx, select the root certificate and use the same steps as described in [Export a client certificate](#clientexport).
 
 ## Create and install client certificates
 
@@ -51,7 +51,7 @@ You don't install the self-signed certificate directly on the client computer. Y
 
 Each client computer that connects to a VNet using Point-to-Site must have a client certificate installed. You generate a client certificate from the self-signed root certificate, and then export and install the client certificate. If the client certificate isn't installed, authentication fails.
 
-The following steps walk you through generating a client certificate from a self-signed root certificate. You may generate multiple client certificates from the same root certificate. When you generate client certificates using the following steps, the client certificate is automatically installed on the computer that you used to generate the certificate. If you want to install a client certificate on another client computer, you can export the certificate.
+The following steps walk you through generating a client certificate from a self-signed root certificate. You can generate multiple client certificates from the same root certificate. When you generate client certificates using the following steps, the client certificate is automatically installed on the computer that you used to generate the certificate. If you want to install a client certificate on another client computer, you can export the certificate.
 
 1. On the same computer that you used to create the self-signed certificate, open a command prompt as administrator.
 2. Modify and run the sample to generate a client certificate.

articles/vpn-gateway/vpn-gateway-certificates-point-to-site.md

@@ -5,13 +5,13 @@ description: Learn how to create a self-signed root certificate, export a public
 author: cherylmc
 ms.service: vpn-gateway
 ms.topic: how-to
-ms.date: 08/04/2023
+ms.date: 06/24/2024
 ms.author: cherylmc
 
 ---
 # Generate and export certificates for point-to-site using PowerShell
 
-Point-to-site connections use certificates to authenticate. This article shows you how to create a self-signed root certificate and generate client certificates using PowerShell on Windows 10 or later, or Windows Server 2016 or later.
+This article shows you how to create a self-signed root certificate and generate client certificates using PowerShell on Windows 10 or later, or Windows Server 2016 or later. The steps in this article help you create **.pfx** and **.cer** files. If you don't have a Windows computer, you can use a small Windows VM as a workaround.
 
 The PowerShell cmdlets that you use to generate certificates are part of the operating system and don't work on other versions of Windows. The host operating system is only used to generate the certificates. Once the certificates are generated, you can upload them or install them on any supported client operating system.