Commit a2ded6f

Merge pull request #223600 from cherylmc/cert-auth2
freshness rewrite
2 parents ab776fc + 5e142b1 commit a2ded6f

9 files changed: +84 -68 lines changed

articles/vpn-gateway/point-to-site-vpn-client-cert-windows.md

Lines changed: 4 additions & 4 deletions
@@ -84,11 +84,11 @@ You can use the same VPN client configuration package on each Windows client com
8484

8585
## <a name="azurevpn"></a>OpenVPN: Azure VPN Client steps
8686

87-
This section applies to certificate authentication configurations that use the OpenVPN tunnel type. The following steps help you download, install, and configure the Azure VPN Client to connect to your VNet. To connect to your VNet, each client must have the following items:
87+
This section applies to certificate authentication configurations that use the OpenVPN tunnel type. The following steps help you download, install, and configure the Azure VPN Client to connect to your VNet. Each client computer requires the following items:
8888

89-
* The Azure VPN Client software is installed.
90-
* Azure VPN Client profile is configured using the downloaded **azurevpnconfig.xml** configuration file.
91-
* The client certificate is installed locally.
89+
* The Azure VPN Client software must be installed on each client computer that you want to connect.
90+
* The Azure VPN Client profile must be configured using the downloaded **azurevpnconfig.xml** configuration file.
91+
* The client computer must have a client certificate that's installed locally.
9292

9393
### <a name="view-azurevpn"></a>View configuration files
9494
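
Review bot: In the rewritten bullets (new lines 89-91), the lead-in on new line 87 already says "Each client computer requires the following items", so repeating "on each client computer that you want to connect" and "The client computer must have" inside the items is redundant, and the three items are no longer parallel with the lead-in. Suggest noun-phrase items that complete the lead-in, for example "The Azure VPN Client software", "An Azure VPN Client profile configured using the downloaded **azurevpnconfig.xml** configuration file", and "A client certificate that's installed locally".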

articles/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal.md

Lines changed: 69 additions & 46 deletions
Large diffs are not rendered by default.

articles/vpn-gateway/vpn-gateway-vpn-faq.md

Lines changed: 2 additions & 2 deletions
@@ -6,7 +6,7 @@ author: cherylmc
66

77
ms.service: vpn-gateway
88
ms.topic: conceptual
9-
ms.date: 06/10/2022
9+
ms.date: 01/10/2023
1010
ms.author: cherylmc
1111
---
1212

@@ -113,7 +113,7 @@ For non-zone-redundant and non-zonal gateways (gateway SKUs that do *not* have *
113113

114114
Zone-redundant and zonal gateways (gateway SKUs that have *AZ* in the name) both rely on a *Standard SKU* Azure public IP resource. Azure Standard SKU public IP resources must use a static allocation method.
115115

116-
For non-zone-redundant and non-zonal gateways (gateway SKUs that do *not* have *AZ* in the name), only dynamic IP address assignment is supported. However, this doesn't mean that the IP address changes after it has been assigned to your VPN gateway. The only time the VPN gateway IP address changes is when the gateway is deleted and then re-created. The VPN gateway public IP address doesn't change when you resize, reset, or complete other internal maintenance and upgrades of your VPN gateway.
116+
For non-zone-redundant and non-zonal gateways (gateway SKUs that do *not* have *AZ* in the name), dynamic IP address assignment is supported. When you use a dynamic IP address, the IP address doesn't change after it has been assigned to your VPN gateway. The only time the VPN gateway IP address changes is when the gateway is deleted and then re-created. The VPN gateway public IP address doesn't change when you resize, reset, or complete other internal maintenance and upgrades of your VPN gateway.
117117

118118
### How does my VPN tunnel get authenticated?
119119
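
Review bot: On new line 116, dropping "only" from "only dynamic IP address assignment is supported" changes the meaning: the sentence no longer says whether static allocation is available for gateway SKUs without *AZ* in the name, while line 114 states that AZ SKUs must use static allocation. Readers who pin the gateway's public IP address in firewall rules or on-premises device configuration need this to be unambiguous, so please state explicitly which allocation methods these SKUs accept. The follow-on sentence "When you use a dynamic IP address, the IP address doesn't change" also repeats "IP address" and could read "A dynamically assigned IP address doesn't change after it has been assigned to your VPN gateway."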

Lines changed: 4 additions & 8 deletions
@@ -1,18 +1,14 @@
11
---
2-
title: include file
3-
description: include file
4-
services: vpn-gateway
52
author: cherylmc
63
ms.service: vpn-gateway
74
ms.topic: include
8-
ms.date: 12/11/2018
5+
ms.date: 11/21/2022
96
ms.author: cherylmc
10-
ms.custom: include file
117
---
128
If you have trouble connecting, check the following items:
139

14-
- If you exported a client certificate with **Certificate Export Wizard**, make sure that you exported it as a .pfx file and selected **Include all certificates in the certification path if possible**. When you export it with this value, the root certificate information is also exported. After you install the certificate on the client computer, the root certificate in the .pfx file is also installed. To verify that the root certificate is installed, open **Manage user certificates** and select **Trusted Root Certification Authorities\Certificates**. Verify that the root certificate is listed, which must be present for authentication to work.
10+
* If you exported a client certificate with **Certificate Export Wizard**, make sure that you exported it as a .pfx file and selected **Include all certificates in the certification path if possible**. When you export it with this value, the root certificate information is also exported. After you install the certificate on the client computer, the root certificate in the .pfx file is also installed. To verify that the root certificate is installed, open **Manage user certificates** and select **Trusted Root Certification Authorities\Certificates**. Verify that the root certificate is listed, which must be present for authentication to work.
1511

16-
- If you used a certificate that was issued by an Enterprise CA solution and you can't authenticate, verify the authentication order on the client certificate. Check the authentication list order by double-clicking the client certificate, selecting the **Details** tab, and then selecting **Enhanced Key Usage**. Make sure *Client Authentication* is the first item in the list. If it isn't, issue a client certificate based on the user template that has *Client Authentication* as the first item in the list.
12+
* If you used a certificate that was issued by an Enterprise CA solution and you can't authenticate, verify the authentication order on the client certificate. Check the authentication list order by double-clicking the client certificate, selecting the **Details** tab, and then selecting **Enhanced Key Usage**. Make sure *Client Authentication* is the first item in the list. If it isn't, issue a client certificate based on the user template that has *Client Authentication* as the first item in the list.
1713

18-
- For additional P2S troubleshooting information, see [Troubleshoot P2S connections](../articles/vpn-gateway/vpn-gateway-troubleshoot-vpn-point-to-site-connection-problems.md).
14+
* For additional P2S troubleshooting information, see [Troubleshoot P2S connections](../articles/vpn-gateway/vpn-gateway-troubleshoot-vpn-point-to-site-connection-problems.md).
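
Review bot: The first bullet (new line 10) tells readers to export the client certificate as a .pfx file and install it on the client computer, but says nothing about protecting that file, which carries the certificate's private key. Since this pass already touches the line, consider adding a sentence on setting a password during export and deleting the exported copy once the certificate has been imported. The rest of the hunk is a list-marker and metadata change with no wording impact.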
Lines changed: 5 additions & 8 deletions
@@ -1,17 +1,14 @@
11
---
2-
title: include file
3-
description: include file
4-
services: vpn-gateway
52
author: cherylmc
63
ms.service: vpn-gateway
74
ms.topic: include
8-
ms.date: 10/30/2020
5+
ms.date: 11/21/2022
96
ms.author: cherylmc
10-
ms.custom: include file
7+
118
---
12-
Point-to-site native Azure certificate authentication connections use the following items, which you configure in this exercise:
9+
P2S Azure certificate authentication connections use the following items, which you'll configure in this exercise:
1310

1411
* A RouteBased VPN gateway.
15-
* The public key (.cer file) for a root certificate, which is uploaded to Azure. Once the certificate is uploaded, it is considered a trusted certificate and is used for authentication.
12+
* The public key (.cer file) for a root certificate, which is uploaded to Azure. Once the certificate is uploaded, it's considered a trusted certificate and is used for authentication.
1613
* A client certificate that is generated from the root certificate. The client certificate installed on each client computer that will connect to the VNet. This certificate is used for client authentication.
17-
* VPN client configuration. The VPN client is configured using VPN client configuration files. These files contain the necessary information for the client to connect to the VNet. The files configure the existing VPN client that is native to the operating system. Each client that connects must be configured using the settings in the configuration files.
14+
* VPN client configuration files. The VPN client is configured using VPN client configuration files. These files contain the necessary information for the client to connect to the VNet. Each client that connects must be configured using the settings in the configuration files.
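
Review bot: New line 14 opens with the label "VPN client configuration files." and then repeats it in the next sentence, "The VPN client is configured using VPN client configuration files."; suggest merging these, for example "VPN client configuration files. These files contain the information the VPN client needs to connect to the VNet." Two smaller items in the same hunk: the added line 7 puts a blank line inside the front matter just before the closing `---`, and the unchanged line 13 reads "The client certificate installed on each client computer", where "is installed" appears to be intended and could be fixed in this freshness pass.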
