Merge pull request #165254 from cherylmc/mac2

Mac2

Author: v-andreaco

articles/vpn-gateway/media/point-to-site-vpn-client-configuration-azure-cert/add-certificate.png

@@ -6,7 +6,7 @@ services: vpn-gateway
 author: cherylmc
 ms.service: vpn-gateway
 ms.topic: how-to
-ms.date: 06/03/2021
+ms.date: 07/12/2021
 ms.author: cherylmc
 ---
 
@@ -62,17 +62,30 @@ You can generate client configuration files using PowerShell, or by using the Az
 * **VpnSettings.xml**, which contains important settings like server address and tunnel type. 
 * **VpnServerRoot.cer**, which contains the root certificate required to validate the Azure VPN Gateway during P2S connection setup.
 
-Use the following steps to configure the native VPN client on Mac for certificate authentication. You have to complete these steps on every Mac that will connect to Azure:
+Use the following steps to configure the native VPN client on Mac for certificate authentication. These steps must be completed on every Mac that you want to connect to Azure.
 
-1. Import the **VpnServerRoot** root certificate to your Mac. This can be done by copying the file over to your Mac and double-clicking on it. Select **Add** to import.
+### Import root certificate file
 
-   :::image type="content" source="./media/point-to-site-vpn-client-configuration-azure-cert/add-certificate.png" alt-text="Screenshot shows Certificates page":::
-  
-    >[!NOTE]
-    >Double-clicking on the certificate may not display the **Add** dialog, but the certificate is installed in the correct store. You can check for the certificate in the login keychain under the certificates category.
-    >
+1. Copy to the root certificate file to your Mac. Double-click the file to open.
+1. On the **Add Certificates** page, select **login** from the dropdown.
+
+   :::image type="content" source="./media/point-to-site-vpn-client-configuration-azure-cert/login.png" alt-text="Screenshot shows Add Certificates page with login selected.":::
+1. Click **Add** to import the file.
+
+   :::image type="content" source="./media/point-to-site-vpn-client-configuration-azure-cert/add.png" alt-text="Screenshot shows Add Certificates page with Add selected.":::
+
+### Verify certificates
+
+Verify that both the client and the root certificate are installed. The client certificate is used for authentication and is required. For information about how to install a client certificate, see [Install a client certificate](point-to-site-how-to-vpn-client-install-azure-cert.md).
+
+1. Open the **Keychain Access** application.
+1. Navigate to the **Certificates** tab.
+1. Verify that both the client and the root certificate are installed.
+
+   :::image type="content" source="./media/point-to-site-vpn-client-configuration-azure-cert/keychain.png" alt-text="Screenshot shows Keychain Access with certificates installed." lightbox="./media/point-to-site-vpn-client-configuration-azure-cert/keychain-expanded.png":::
 
-1. Verify that you have installed a client certificate that was issued by the root certificate that you uploaded to Azure when you configured you P2S settings. This is different from the VPNServerRoot that you installed in the previous step. The client certificate is used for authentication and is required. For more information about generating certificates, see [Generate Certificates](vpn-gateway-howto-point-to-site-resource-manager-portal.md#generatecert). For information about how to install a client certificate, see [Install a client certificate](point-to-site-how-to-vpn-client-install-azure-cert.md).
+### Create VPN client profile
+
 1. Open the **Network** dialog under **Network Preferences** and select **'+'** to create a new VPN client connection profile for a P2S connection to the Azure virtual network.
 
    The **Interface** value is 'VPN' and **VPN Type** value is 'IKEv2'. Specify a name for the profile in the **Service Name** field, then select **Create** to create the VPN client connection profile.

articles/vpn-gateway/media/point-to-site-vpn-client-configuration-azure-cert/add.png

@@ -5,7 +5,7 @@
  author: cherylmc
  ms.service: vpn-gateway
  ms.topic: include
- ms.date: 10/28/2020
+ ms.date: 07/12/2021
  ms.author: cherylmc
 
 ---
@@ -15,9 +15,12 @@ You can use the same VPN client configuration package on each Windows client com
 >You must have Administrator rights on the Windows client computer from which you want to connect.
 >
 
-Use the following steps to configure the native Windows VPN client for certificate authentication:
+### Install the configuration files
 
 1. Select the VPN client configuration files that correspond to the architecture of the Windows computer. For a 64-bit processor architecture, choose the 'VpnClientSetupAmd64' installer package. For a 32-bit processor architecture, choose the 'VpnClientSetupX86' installer package. 
 1. Double-click the package to install it. If you see a SmartScreen popup, click **More info**, then **Run anyway**.
-1. On the client computer, navigate to **Network Settings** and click **VPN**. The VPN connection shows the name of the virtual network that it connects to.
-1. Before you attempt to connect, verify that you have installed a client certificate on the client computer. A client certificate is required for authentication when using the native Azure certificate authentication type.
+
+### Verify and connect
+
+1. Verify that you have installed a client certificate on the client computer. A client certificate is required for authentication when using the native Azure certificate authentication type. To view the client certificate, open **Manage User Certificates**. The client certificate is installed in **Current User\Personal\Certificates**.
+1. To connect, navigate to **Network Settings** and click **VPN**. The VPN connection shows the name of the virtual network that it connects to.