
Commit 9459309

committed
update
1 parent 37c44fd commit 9459309

8 files changed

+19
-19
lines changed

articles/vpn-gateway/point-to-site-how-to-vpn-client-install-azure-cert.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ description: Learn how to install client certificates for P2S certificate authen
55
author: cherylmc
66
ms.service: vpn-gateway
77
ms.topic: how-to
8-
ms.date: 07/28/2023
8+
ms.date: 08/07/2023
99
ms.author: cherylmc
1010

1111
---

articles/vpn-gateway/vpn-gateway-howto-point-to-site-rm-ps.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ titleSuffix: Azure VPN Gateway
55
author: cherylmc
66
ms.service: vpn-gateway
77
ms.topic: how-to
8-
ms.date: 08/04/2023
8+
ms.date: 08/07/2023
99
ms.author: cherylmc
1010
ms.custom: devx-track-azurepowershell
1111

@@ -188,7 +188,7 @@ Verify that your VPN gateway has finished creating. Once it has completed, you c
188188
$CertBase64 = [system.convert]::ToBase64String($cert.RawData)
189189
```
190190

191-
1. Upload the public key information to Azure. Once the certificate information is uploaded, Azure considers it to be a trusted root certificate. When uploading, make sure you're running PowerShell locally on your computer, or instead, you can use the [Azure portal steps](vpn-gateway-howto-point-to-site-resource-manager-portal.md#uploadfile). You can't upload using Azure Cloud Shell.
191+
1. Upload the public key information to Azure. Once the certificate information is uploaded, Azure considers it to be a trusted root certificate. When uploading, make sure you're running PowerShell locally on your computer, or instead, you can use the [Azure portal steps](vpn-gateway-howto-point-to-site-resource-manager-portal.md#uploadfile). When the upload is complete, you'll see a PowerShell return showing PublicCertData. It takes about 10 minutes for the certificate upload process to complete.
192192

193193
```azurepowershell
194194
Add-AzVpnClientRootCertificate -VpnClientRootCertificateName $P2SRootCertName -VirtualNetworkGatewayname "VNet1GW" -ResourceGroupName "TestRG1" -PublicCertData $CertBase64
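Review bot: The rewritten step at line 191 still says "make sure you're running PowerShell locally on your computer" but drops "You can't upload using Azure Cloud Shell", so the requirement is left without its reason. Either keep the Cloud Shell limitation or, if it no longer applies, remove the "locally" condition as well. The two added sentences also pull against each other: the PublicCertData return is said to appear "when the upload is complete", and the next sentence says the upload process takes "about 10 minutes" to complete. State which the reader sees first and whether they need to wait before connecting clients.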
@@ -248,7 +248,7 @@ You can add and remove trusted root certificates from Azure. When you remove a r
248248

249249
**To add:**
250250

251-
You can add up to 20 root certificate .cer files to Azure. The following steps help you add a root certificate.
251+
You can add up to 20 root certificate .cer files to Azure. The following steps help you add a root certificate.
252252

253253
1. Prepare the .cer file to upload:
254254

includes/vpn-gateway-certificates-install-client-cert-include.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -5,11 +5,11 @@
55
author: cherylmc
66
ms.service: vpn-gateway
77
ms.topic: include
8-
ms.date: 06/03/2021
8+
ms.date: 08/07/2023
99
ms.author: cherylmc
1010
ms.custom: include file
1111
---
12-
1. Once the client certificate is exported, locate and copy the *.pfx* file to the client computer.
12+
1. Once the client certificate is exported, locate and copy the *.pfx* file to the client computer.
1313
1. On the client computer, double-click the *.pfx* file to install. Leave the **Store Location** as **Current User**, and then select **Next**.
1414
1. On the **File** to import page, don't make any changes. Select **Next**.
1515
1. On the **Private key protection** page, input the password for the certificate, or verify that the security principal is correct, then select **Next**.
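Review bot: The visible text of line 12 is unchanged, but since the line is touched, the step "locate and copy the *.pfx* file to the client computer" would benefit from saying how. A .pfx file carries the client certificate's private key, so a short instruction to move it over a protected channel, send the export password separately, and delete the copy once the import at line 15 succeeds would close the gap.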

includes/vpn-gateway-connect-vm.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -5,11 +5,11 @@
55
author: cherylmc
66
ms.service: vpn-gateway
77
ms.topic: include
8-
ms.date: 04/29/2022
8+
ms.date: 08/07/2023
99
ms.author: cherylmc
1010
ms.custom: include file
1111
---
12-
You can connect to a VM that is deployed to your VNet by creating a Remote Desktop Connection to your VM. The best way to initially verify that you can connect to your VM is to connect by using its private IP address, rather than computer name. That way, you're testing to see if you can connect, not whether name resolution is configured properly.
12+
You can connect to a VM that's deployed to your VNet by creating a Remote Desktop Connection to your VM. The best way to initially verify that you can connect to your VM is to connect by using its private IP address, rather than computer name. That way, you're testing to see if you can connect, not whether name resolution is configured properly.
1313

1414
1. Locate the private IP address. You can find the private IP address of a VM by either looking at the properties for the VM in the Azure portal, or by using PowerShell.
1515

includes/vpn-gateway-generate-export-certificates-include.md

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -12,10 +12,10 @@
1212

1313
Use the New-SelfSignedCertificate cmdlet to create a self-signed root certificate. For additional parameter information, see [New-SelfSignedCertificate](/powershell/module/pki/new-selfsignedcertificate).
1414

15-
1. From a computer running Windows 10 or later, or Windows Server 2016, open a Windows PowerShell console with elevated privileges. These examples don't work in the Azure Cloud Shell "Try It". You must run these examples locally.
16-
1. Use the following example to create the self-signed root certificate. The following example creates a self-signed root certificate named 'P2SRootCert' that is automatically installed in 'Certificates-Current User\Personal\Certificates'. You can view the certificate by opening *certmgr.msc*, or *Manage User Certificates*.
15+
1. From a computer running Windows 10 or later, or Windows Server 2016, open a Windows PowerShell console with elevated privileges.
16+
1. Create a self-signed root certificate. The following example creates a self-signed root certificate named 'P2SRootCert' that's automatically installed in 'Certificates-Current User\Personal\Certificates'. You can view the certificate by opening *certmgr.msc*, or *Manage User Certificates*.
1717

18-
Run the following example with any necessary modifications. The following certificate includes the 'NotAfter' parameter, which is optional. By default, without this parameter, the certificate expires in 1 year.
18+
Make any needed modifications before using this sample. The 'NotAfter' parameter is optional. By default, without this parameter, the certificate expires in 1 year.
1919

2020
```powershell
2121
$params = @{
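Review bot: Line 15 loses "You must run these examples locally", yet line 16 still says the certificate is "automatically installed in 'Certificates-Current User\Personal\Certificates'", which only makes sense on the computer where the cmdlet runs. Keep one sentence saying the commands are run on the local Windows computer, or explain in the commit message why the restriction was lifted. On line 18, "Make any needed modifications" would be easier to follow if it named the values a reader is expected to change.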
@@ -37,11 +37,11 @@ Use the New-SelfSignedCertificate cmdlet to create a self-signed root certificat
3737

3838
## <a name="clientcert"></a>Generate a client certificate
3939

40-
Each client computer that connects to a VNet using Point-to-Site must have a client certificate installed. You generate a client certificate from the self-signed root certificate, and then export and install the client certificate. If the client certificate isn't installed, authentication fails.
40+
Each client computer that connects to a VNet using point-to-site must have a client certificate installed. You generate a client certificate from the self-signed root certificate, and then export and install the client certificate. If the client certificate isn't installed, authentication fails.
4141

42-
The following steps walk you through generating a client certificate from a self-signed root certificate. You may generate multiple client certificates from the same root certificate. When you generate client certificates using the steps below, the client certificate is automatically installed on the computer that you used to generate the certificate. If you want to install a client certificate on another client computer, you can export the certificate.
42+
The following steps walk you through generating a client certificate from a self-signed root certificate. You may generate multiple client certificates from the same root certificate. When you generate client certificates using the steps below, the client certificate is automatically installed on the computer that you used to generate the certificate. If you want to install a client certificate on another client computer, export the certificate.
4343

44-
The examples use the New-SelfSignedCertificate cmdlet to generate a client certificate that expires in one year. For additional parameter information, such as setting a different expiration value for the client certificate, see [New-SelfSignedCertificate](/powershell/module/pki/new-selfsignedcertificate).
44+
The examples use the [New-SelfSignedCertificate](/powershell/module/pki/new-selfsignedcertificate) cmdlet to generate a client certificate.
4545

4646
### Example 1 - PowerShell console session still open
4747
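Review bot: Line 44 no longer says that the generated client certificate "expires in one year", and the pointer to "setting a different expiration value" is gone with it. The root certificate section still documents 'NotAfter' and its 1-year default, so the client section now says less about lifetime than the root section does, and an expired client certificate surfaces only as a failed connection. Suggest keeping a sentence on the client certificate's default expiry and how to change it.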

includes/vpn-gateway-p2s-architecture.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
author: cherylmc
33
ms.service: vpn-gateway
44
ms.topic: include
5-
ms.date: 11/21/2022
5+
ms.date: 08/07/2023
66
ms.author: cherylmc
77

88
---

includes/vpn-gateway-p2s-clientcert-include.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2,11 +2,11 @@
22
ms.topic: include
33
author: cherylmc
44
ms.service: vpn-gateway
5-
ms.date: 05/23/2022
5+
ms.date: 08/07/2023
66
ms.author: cherylmc
77

88
---
9-
Each client computer that you connect to a VNet with a Point-to-Site connection must have a client certificate installed. You generate it from the root certificate and install it on each client computer. If you don't install a valid client certificate, authentication will fail when the client tries to connect to the VNet.
9+
Each client computer that you connect to a VNet with a point-to-site connection must have a client certificate installed. You generate it from the root certificate and install it on each client computer. If you don't install a valid client certificate, authentication will fail when the client tries to connect to the VNet.
1010

1111
You can either generate a unique certificate for each client, or you can use the same certificate for multiple clients. The advantage to generating unique client certificates is the ability to revoke a single certificate. Otherwise, if multiple clients use the same client certificate to authenticate and you revoke it, you'll need to generate and install new certificates for every client that uses that certificate.
1212

includes/vpn-gateway-p2s-rootcert-include.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2,13 +2,13 @@
22
ms.topic: include
33
author: cherylmc
44
ms.service: vpn-gateway
5-
ms.date: 08/04/2023
5+
ms.date: 08/07/2023
66
ms.author: cherylmc
77
---
88
Obtain the .cer file for the root certificate. You can use either a root certificate that was generated with an enterprise solution (recommended), or generate a self-signed certificate. After you create the root certificate, export the public certificate data (not the private key) as a Base64 encoded X.509 .cer file. You upload this file later to Azure.
99

1010
* **Enterprise certificate:** If you're using an enterprise solution, you can use your existing certificate chain. Acquire the .cer file for the root certificate that you want to use.
11-
* **Self-signed root certificate:** If you aren't using an enterprise certificate solution, create a self-signed root certificate. Otherwise, the certificates you create won't be compatible with your P2S connections and clients will receive a connection error when they try to connect. You can use Azure PowerShell, MakeCert, or OpenSSL. The steps in the following articles describe how to generate a compatible self-signed root certificate:
11+
* **Self-signed root certificate:** If you aren't using an enterprise certificate solution, create a self-signed root certificate. Otherwise, the certificates you create won't be compatible with your P2S connections and clients receive a connection error when they try to connect. You can use Azure PowerShell, MakeCert, or OpenSSL. The steps in the following articles describe how to generate a compatible self-signed root certificate:
1212

1313
* [PowerShell instructions for Windows 10 or later](../articles/vpn-gateway/vpn-gateway-certificates-point-to-site.md): These instructions require PowerShell on a computer running Windows 10 or later. Client certificates that are generated from the root certificate can be installed on any supported P2S client.
1414
* [MakeCert instructions](../articles/vpn-gateway/vpn-gateway-certificates-point-to-site-makecert.md): Use MakeCert to generate certificates if you don't have access to a computer running Windows 10 or later. Although MakeCert is deprecated, you can still use it to generate certificates. Client certificates that you generate from the root certificate can be installed on any supported P2S client.
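Review bot: On line 11, the sentence beginning "Otherwise, the certificates you create won't be compatible" follows "create a self-signed root certificate", so "Otherwise" reads as "if you don't create one", which is not the point being made. Since the line is already edited for tense, reword it to say what makes a certificate compatible, for example that it must be generated by following the linked instructions.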
